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mance  test, 
but  trade-offs 
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Cisco  trying  to  limit 
‘threat’  of  software- 
defined  networking 


BY  JIM  DUFFY 

SAN  DIEGO—  Cisco’s  network  programmability  strategy 
is  a  multifaceted  initiative  intended  to  keep  the  business  at 
the  forefront  of  networking  technology,  even  as  software- 
defined  networking  threatens  the  company’s  dominance. 

SDN  has  been  hailed  by  proponents  as  the  biggest  trans¬ 
formation  of  networking  in  decades.  It  promises  to  make  the 
physical  infrastructure  irrelevant  to  the  actual  behavior  of 
the  traffic  by  enabling  software  programmability  of  flows 
and  additional  features. 

The  problem  for  Cisco  is,  it  makes  a  lot  of  money  off  the 
customized  nature  of  its  hardware  and  software,  which  is 
omnipresent  in  enterprise,  data  center  and  service  provider 
networks. 

But  with  the  increasing  openness  of  software  in  open- 
source  communities  and  the  broadening  capabilities  of  mer¬ 
chant  ASICs,  SDNs  and  associated  standards  —  like  Open- 
Flow  —  are  poised  to  further  commoditize  and  undercut  the 
profitability  of  networking  hardware.  So  it  behooves  Cisco  to 
get  as  close  to  SDN  as  it  can,  from  every  angle,  so  it  can  control 
not  only  the  pace  at  which  it  infiltrates  Cisco’s  ubiquity,  but 

►  See  Cisco, page  14 
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Smarter  technology  for  a  Smarter  Planet: 

The  cloud  that’s  transforming 
an  industry,  one  fish  at  a  time. 

At  the  University  of  Bari,  a  new  computing  model  is  creating  new  business  models.  Using  an  IBM  SmartCloud,™  their 
team  built  a  solution  that  allows  local  fishermen  to  auction  their  catch  while  still  at  sea.  By  creating  more  demand 
for  the  fishermen’s  product,  the  cloud  has  increased  income  by  25%  while  reducing  time  to  market  by  70%.  Now 
the  team  is  scaling  the  solution  to  create  new  business  models  for  the  winemaking  and  transportation  industries. 
What  can  cloud  do  for  your  business?  A  smarter  planet  is  built  on  smarter  software,  systems  and  services. 
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OpenFlow  blossoms 


elief  in  OpenFlow-based  software-defined 
networking  is  coalescing  rapidly,  the  latest 
evidence  being  the  overflow  crowds  at  last  week’s 
Open  Networking  Summit  in  Santa  Clara,  Calif., 
and  new  details  about  a  Cisco  startup  that  has 
been  formed  to  address  the 
opportunity. 

After  having  to  turn  people  away  at  an  overflowing 
Summit  meeting  last  October,  event  organizers  shifted 
last  week’s  meeting  to  a  venue  twice  as  large  but  still 
maxed  out  registration  and  had  to  create  a  wait  list  (see 
“Open  Networking  Summit  2012:  Google,  Verizon, 

NEC,  others  tackle  future  of  OpenFlow";  tinyurl.com/ 
cup4agp). 

This  stuff  is  hot. 


One  of  the  attractions  at  the  Summit  was  a  keynote  by  Google  Fellow  and  Senior 
Vice  President  for  Technical  Infrastructure  Urs  Holzle,  who  discussed  how  Google 
has  already  completed  the  migration  of  its  huge,  international  inter-data  center 
network  to  OpenFlow,  essentially  separating  network  control  from  the  data  plane. 

Network  World  blogger  Art  Fewell,  who  was  at  the  event,  said  Holzle  cited  a 
litany  of  benefits  of  using  software-defined  networking,  including  the  ability  to 
get  “a  global  view  of  network  utilization,  allowing  simple  and  dynamic  traffic¬ 
steering  on  low  cost  hardware”  (see  “Google  showcases  OpenFlow  network”; 
tinyurl.com/bm3wq2q). 

Google  is  one  of  the  early  backers  of  the  Open  Networking  Foundation,  the 
group  that  was  launched  in  March  2011  “to  standardize  and  promote  SDN  inter¬ 
faces  and  protocols  including  OpenFlow.”  Other  early  backers  of  the  work  first 
done  at  Stanford  and  Berkeley  include  Microsoft,  Verizon  and  Facebook. 

A  week  before  the  Summit,  Google,  Cisco,  Juniper  and  a  host  of  other  tech  com¬ 
panies  teamed  with  research  groups  at  Berkeley  and  Stanford  to  create  the  Open 
Networking  Research  Group,  another  sign  the  industry  is  serious  about  this  stuff. 

The  incumbent  network  players  have  to  be  involved,  of  course,  because  they  fear 
that  separating  the  network  data  plane  from  the  control  plane  and  offloading  the 
latter  to  servers,  as  SDNs  do,  reduces  the  value  of  their  products,  so  they  need  to 
keep  an  eye  on  developments. 

While  Cisco  had  been  hedging  its  OpenFlow  bets,  it  has  since  jumped  in  with 
both  feet  by  creating  Insieme.  CEO  John  Chambers  last  week  said  Cisco  has  invested 
$100  million  in  the  venture,  with  the  right  to  purchase  the  remaining  interests  of  the 
company  for  up  to  $750  million,  a  so-called  spin-in. 

Despite  the  flurry  of  activity  around  SDNs,  experts  remind  us  that  it  is  still  early 
days.  This  will  be  a  long  journey.  Nevertheless,  Fewell  says  it  is  never  too  early  to 
start  asking  suppliers  for  their  long-range  OpenFlow  plans. 
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The  end  of  Windows  XP  support: 

A  security  nightmare . . . 

©  IF  MICROSOFT  WOULD  build  properly 
tested  code  to  begin  with,  we  would  not 
have  to  worry.  MS  develops  programs 
“good  enough”  to  allow  them  to  sell,  then 
waits  for  the  consumers  and  hackers  to 
find  the  problems  (Re:  “End  of  Windows 
XP  support  era  signals  beginning  of  secu¬ 
rity  nightmare”:  tinyurl.com/6sSs8fw). 

Would  you  want  the  computers  in  your 
car  to  have  software  developed  under  the 
same  philosophy,  leaving  you  stranded? 

Brunnegd 

©XPISALSO  embedded  in  many  POS 
registers,  kiosks,  ATMs  and  other  devices. 
All  told,  there  are  far  more  XP  systems  out 
there  than  desktop  statistics  reflect.  This 
is  going  to  be  a  huge  global  IT  commu¬ 
nity  problem,  and  it  is  not  in  Microsoft’s 
perceived  financial  interest  to  do  anything 
about  it  except  push  Windows  7  upgrades. 

GreenMan 

. . .  or  opportunity  to  open  source? 

©  DON'T  FORGET  THAT  XP  shares  large 
chunks  of  code  with  its  descendants. 
That’s  why  many  Microsoft  patches  apply 
to  multiple  operating  systems  and  prod¬ 
ucts  (Re:  “Microsoft,  instead  of  turning 
the  lights  off  on  XP,  make  it  open  source”; 
tinyurl.com/73zfu98). 

Shared  code  base  is  actually  a  good 
thing,  as  this  is  what  allows  new  OS 
versions  to  be  backward 
compatible.  For  Micro¬ 
soft  to  release  XP  to  open 
source  it  would  have  to 
make  any  new  operating 
systems  break  this  com¬ 
patibility,  and  you  would 
suddenly  not  be  able  to 
run  programs  compiled 
for  XP  on  the  latest  ver¬ 
sion  of  Windows. 

You  could  even  argue 
releasing  XP  to  open 
source  would  actually  be 
dangerous,  as  malware  writers  would  get 
a  free  look  at  code  that  is  a  critical  part  of 
current  operating  systems,  both  consumer 
(Windows  7)  and  the  various  current 
server  OSs.  Yes,  the  open  source  commu¬ 
nity  would  eventually  catch  up  to  finding 
and  fixing  vulnerabilities,  but  there  would 
be  a  period  of  mass  chaos  in  the  interim. 

Alan  Dudley 


More  tips  for  creating 
profitable  mobile  apps 

©  1.  CREATE  AN  app  that  people  want  (not 
another  “roll  a  joint”  app)  (Re:  “3  tips  for 
actually  making  money  making  mobile 
apps”;  tinyurl.com/74mpdns). 

2.  Market  the  app  correctly;  release  a 
demo  for  free  (you  will  lose  all  revenue 
due  to  refunds  and  bad  ratings,  whereas 
you  can  gain  good  feedback  from  a  beta 
release). 

3.  Multiplatform  (not  everyone  owns 
an  iOS  device). 

4.  K.I.S.S.  (Keep  It  Simple,  Stupid.  If 
people  can’t  use  it  they  won’t  want  it.) 

5.  Don’t  rely  on  one  app  to  make  you 
millions  (keep  a  flow  of  revenue  with 
several  apps  making  lower  amounts,  vs. 
one  app  to  hit  huge.  This  can  free  up  time 
to  create  an  app  that  will  be  good  enough 
to  net  high  yield). 

John  C.  Conn 

©  1.  CONSIDER  CAREFULLY  which  style 
your  app  will  be:  Free,  Freemium,  or 
Paymium. 

2.  Stay  away  from  HTML5  for  now. 

3.  Patent  early  and  often. 

John  Bickerstaff 

PureFlex,  UCS  not  comparable 

©  SORRY,  BUT  THE  comparison  of 
PureFlex  with  UCS  is  off  the  mark. 
PureFlex  is  more  akin  to  FlexPod  and 
Vblock,  which  include  all  of  the  same 
technology  domain 
components  (compute 
+  networking  +  storage) 

(Re:  “Are  IBM,  Cisco  and 
Oracle  IT  platforms  really 
comparable?”  tinyurl. 
com/7sz87f 7). 

There  are  two  primary 
differences  between 
PureFlex  and  FlexPod/ 
Vblock.  First  is  that  IBM 
doesn’t  need  to  partner 
to  pull  the  hardware 
components  together, 
and  second  is  that  IBM  has  a  far  deeper 
bench  of  apps/software  to  add  to  the  mix. 
IBM  is  not  doing  anything  truly  revolu¬ 
tionary  here  —  it’s  following  the  lead  of 
others  who  have  already  been  delivering 
similar  solutions,  albeit  adding  its  own 
twist  and  strengths  (software,  software, 
software). 

Jim  Frey 


There  are 

far  more  XP 
systems  out 
there  than 
desktop  statis¬ 
tics  reflect. 
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TODAY,  ONLY  34%  OF  PEOPLE  WORK  FROM  A  SINGLE  LOCATION 


MOTOROLA  SUPERIOR 
ANDROID  SOLUTIONS 
MEAN  BUSINESS 


•  Most  Comprehensive  Android™  MDM  Available 

•  On-the-Co  Conferencing  with  Citrix®  GoToMeeting® 

•  MOTODEV  for  Enterprise  App  Development  Support 

•  MotoAssist™  IT  Exchange  Engineer-Staffed  Call  Center 


er»d  trademarks  of  Motorola  Trademark  Holdings,  LLC.  Android 

espective  owners.  ©2012  Motorola  Mobility.  Inc 

Al!  rights  reserved) 
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IBM  IS  amassing  even  more 
analysis  expertise  with  the  pur¬ 
chase  of  Varicent  Software, 
a  business  intelligence 
software  provider  based  in 
Toronto.  Varicent  Software 
collects  reports  of  sales  data 
from  different  systems,  such  as 
finance,  sales,  human  resources 
and  IT  departments,  and  ana¬ 
lyzes  it  to  determine  employee 
compensation,  streamline 
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The  cloud  most  traveled 

DEEPFIELD  NETWORKS,  A  new  cloud  intelligence  com 
pany,  posted  some  eye-popping  findings  last  week  about 
the  breadth  of  Internet  activity  Amazon  is  now  respon¬ 
sible  for.  Fully  one-third  of  all  Internet  users  now  access 
Amazon's  cloud  site  at  least  once  a  day.  and  about  1%  of 
all  Internet  consumer  traffic  in  North  America  goes  to  the 
Amazon  cloud,  according  to  DeepField  CEO  Craig  Labovitz. 
By  comparison,  YouTube  last  year  accounted  for  6%  of  all 
'nternet  traffic,  tinyurl.com/cyrwdne 


from  remote  locations,  seam¬ 
less  wireless  backup  in  case 
wireline  service  goes  down, 
and  the  ability  to  gain  visibility 
to  the  mobile  devices  connected 
to  company  wireless  rout¬ 
ers  through  dynamic  mobile 
network  routing,  tinyurl.com/ 
cwxjy8z 

IBM  bulks  up  on 
analysis  tools 


territory  assignments,  manage 
sales  quotas  and  monitor  sales 
activities.  The  software  will 
be  folded  into  IBM’s  Smarter 
Analytics  line,  joining  analysis 
software  from  previous  acquisi¬ 
tions,  including  Algorithmics, 
Clarity  Systems,  OpenPages, 
Cognos  and  SPSS.  In  the  big 
picture,  IBM  expects  to  generate 
$16  billion  in  the  sales  of  data 
analysis  systems  and  services 
by  2015.  tinyurl.com/cnzw5t3 

Don't  we  pay 
enough  taxes 
on  wireless? 

NEW  YORK  Attorney  Gen¬ 
eral  Eric  Schneiderman  has 
filed  a  $300  million  lawsuit 
against  Sprint  Nextel,  alleging 
that  the  mobile  provider  has 
deliberately  under-collected 
$100  million  worth  of  state 
and  local  sales  taxes  on  mobile 
phone  service  in  an  effort  to 
gain  a  competitive  advantage. 
“By  deliberately  evading  sales 
taxes,  Sprint  cost  state  and 
local  governments  over  $100 
million  that  could  have  been 
used  for  critical  services  and 
much  needed  resources,” 
Schneiderman  said  in  a 
statement.  Sprint  denies 
the  charges.  “We  have 
collected  and  paid 
over  to  New 
York 


11  VIDEO 

Why  gamification 
matters  to 
enterprises 

Check  out  video  of  ses¬ 
sions  from  last  month's 
CITE  2012  (Consumeriza- 
tion  of  IT)  conference, 
including  a  cool  presenta¬ 
tion  about  gamification, 
and  why  companies  should 
adopt  similar  strategies  for 
their  businesses. 
tinyurl.com/d5qn959 


every  penny  of  sales  taxes  on 
mobile  wireless  services  that 
we  believe  our  customers  owe 
under  New  York  state  law,” 
said  spokesman  John  Taylor. 
“With  this  lawsuit,  the  attorney 
general’s  office  is  claiming  New 
York  consumers,  who  already 
pay  some  of  the  highest  wireless 
taxes  in  the  country,  should  pay 
even  more.  We  intend  to  stand 
up  for  New  York  consum¬ 
ers’  rights  and  fight  this  suit.” 
tinyurl.com/czkrqkx 


Verizon  LTE 
service  offloads 
to  private  IP 
networks 

VERIZON  BUSINESS  has 

a  service  that  lets  business 
customers  connect  LTE  devices 
directly  to  their  private  IP 
networks  for  secure,  high¬ 
speed  Internet  access.  With 
Private  IP  Wireless  LTE, 
customer  LTE  traffic  is  routed 
from  the  nearest  cell  tower  to  an 
enterprise  gateway  in  a  Verizon 
switching  center.  Data  routed 
to  and  through  the  gateway  is 
encoded,  but  not  encrypted, 
and  kept  separate  from  the  pub¬ 
lic  Internet.  Encryption  of  the 
data  can  be  added,  if  desired. 
Among  the  potential  benefits 
are:  a  secure  way  to  wirelessly 
access  enterprise  applications 
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BYOD  pros 
and  cons 

DESPITE  MYRIAD  security 
concerns  and  manageability 
challenges,  there  are  positive 
effects  associated  with  the 
BYOD  trend,  according  to 
a  survey  of  IT  pros  jointly 
conducted  by  Network  World 
and  SolarWinds.  Among  the 
respondents  whose  compa¬ 
nies  allow  personal  mobile 
devices  to  access  the  corporate 
network,  46.2%  said  the  policy 
has  increased  productivity 
among  end  users.  A  nearly 
similar  number  (47.2%)  said  it 
has  increased  end  users’  ability 
to  work  from  home.  On  the 
downside,  65.3%  said  they  don’t 
have  the  necessary  tools  in  place 
to  manage  non-company-issued 
mobile  devices  on  the  network. 
tinyurl.com/brluumd 

Hospitals  seeing 
more  patient 
data  breaches 

A  BIANNUAL  survey  of250 
healthcare  organizations 
shows  breaches  exposing 
patient  data  are  on  the  rise.  The 
survey,  commissioned  by  Kroll 
Advisory  Solutions,  found  27% 


of  respondents  had  at  least  one 
security  breach  over  the  past 
year,  up  from  19%  in  2010  and 
13%  in  2008.  Also  on  the  rise 
is  the  percentage  of  problems 
that  originate  from  laptops 
and  mobile  devices  (22%,  up 
from  11%  in  2010)  rather  than 
misuse  of  paper  records.  In 
addition,  10%  of  respondents 
reported  data  breaches  related 
to  third-party  vendors  that  store 
healthcare  data,  up  from  6%  in 
2010.  tinyurl.com/7dusm3j 

Record  demand 
for  Linux  skills 

LINUX  JOB  listings hita 
new  high  in  early  April, 
according  to  career 
site  Dice.com,  which 
reports  seeing 
greater  urgency  in 
employers’  search  for 
that  talent.  As  of  April  2,  there 
were  12,007  Linux- related  post¬ 
ings  on  Dice,  which  represents 
a  17%  spike  compared  to  a  year 
ago.  As  a  result,  employers  are 
paying  higher  salaries  and  big¬ 
ger  bonuses  as  well  as  offering 
flexible  work  schedules  and 
additional  training,  according  to 
a  report  published  by  Dice  and 
the  Linux  Foundation,  tinyurl. 
com/d3954c 


Techie  words  of  wisdom 


A  HANDFUL  of  high-profile  techies  will  be  sharing 
their  pearls  of  wisdom  with  graduating  college 
students  next  month,  including  IBM  Chairman 
Sam  Palmisano  (Johns  Hopkins  University), 
Apple  co-founder  Steve  Wozniak  (Santa  Clara 
College),  Cisco  SVP  Wendy  Bahr  (Old  Domin¬ 
ion  University)  and  Linkedln  co-founder  Reid 
Hoffman  (Babson  College). 


Eau  de  MacBook? 


ARTISTS  IN  Australia  have  reproduced  the  smell  of 
a  newly  purchased  Apple  product  and  plan  to  set 
it  free  at  an  exhibition  in  Melbourne.  The  final 
scent  encompasses  "the  smell  of  the  plastic 
wrap  covering  the  box,  printed  ink  on  the  card¬ 
board,  the  smell  of  paper  and  plastic  compo¬ 
nents  within  the  box  and  of  course  the  aluminum 
laptop  which  has  come  straight  from  the  factory 
where  it  was  assembled  in  China,”  according  to  PC 
World.  No  actual  fragrance  is  planned  for  sale. 


Gmail  goes  down 

GOOGLE  SAID  last  week  that  "less  than  10%”  of 
Gmail's  user  base  was  affected  by  an  hour-plus  out¬ 
age  on  Tuesday,  April  17  (up  from  an  earlier  estimate 
of  “less  than  2%”).  That  adds  up  to  about  33.2  million 
people  potentially  missing  out  on  lots  of  useful  and 
useless  messages.  Google  apologized  for  the  issue, 
though  didn't  explain  what  went  wrong. 
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DEMO  2012  products  that  cater  to  the  enterprise 
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Hazelcast  is  a  potentially  useful  tool  for  cloud  application  developers. 


BYCOLINNEAGLE 

WHILE  MUCH  of  the  draw  to  the  2012 
DEMO  conference  in  Santa  Clara,  Calif.,  sur¬ 
rounded  consumer  technology,  such  as  the 
fantasy  politics  game  or  the  electric  skate¬ 
board,  the  conference  still  had  plenty  to  offer 
those  with  a  mind  toward  work  productivity. 

Security 

DEMO  isn’t  what  many  would  consider  a 
security-focused  event,  but  two  companies 
showcased  their  offerings  for  the  burgeoning 
mobile  security  market. 

First,  there’s  zlmperium’s  zDefender, 
which  sets  up  automatic  traffic  filters  and  a 
remote  management  console  to  help  reduce 
smartphone  threats.  The  company  also  offers 
a  suite  of  security  services,  such  as  its  “ethical 
hacking  exploit-as-a-service,”  which  enables 
enterprise  security  administrators  to  find 
vulnerabilities  in  the  network  from  their 
smartphones. 

Separately,  TrustGo  Antivirus  &  Mobile 
Security  focuses  on  mobile  app  stores,  offer¬ 
ing  a  scanning  service  to  identify  which  apps 
may  be  dangerous. 

Cloud  communications 
and  collaboration 

A  handful  of  exhibitors  looked  to  turn  more 
people  onto  the  cloud,  be  it  for  sharing  infor¬ 
mation  and  collaborating  on  work  documents 
or  reducing  costs  of  communications  systems. 

CollateBox  allows  users  to  store,  share  and 
modify  data  lists,  while  DocSync  and  roll- 
App’s  OpenOffice  integrated  with  DropBox 
do  the  same  for  iPad  users  looking  to  access 
their  own  data  on  the  fly.  ProjectFootage, 
meanwhile,  focuses  on  sharing  video  projects 
over  the  cloud  and  can  be  customized  as  an 
add-on  to  current  websites. 

Hoiio  Live  offers  a  handful  of  cloud-based 
communications  options,  namely  Internet 
phone  for  conference  and  long-distance  calls 
and  a  mobile  chat  service,  and  provides  the 
management  tools  to  store  and  update  con¬ 
tacts  or  keep  track  of  use  across  the  enter¬ 
prise.  Similarly,  RingCentral  Office  provides 
support  for  both  in-office  and  mobile  cloud 
PBX  systems. 

For  email,  there’s  ZigMail,  which  doesn’t 
necessarily  enable  cloud-based  collabora¬ 
tion  or  communications  itself,  but  simply 
makes  them  easier  to  deal  with.  ZigMail  is 
a  separate  email  inbox  that  connects  to  the 
user’s  individual  account  solely  for  the  pur¬ 
pose  of  collecting  junk  and  other  non-urgent 
mail.  So,  for  those  whose  important  messages 


get  drowned  out  by  alerts  from  social  media 
accounts  or  deals  sites,  ZigMail  may  be  the 
perfect  solution  to  help  weed  out  the  unneces¬ 
sary.  The  separate  ZigMail  account  also  sends 
one  daily  update  showing  the  subject  lines  of 
the  forwarded  emails,  so  the  user  can  get  an 
idea  of  what  else  may  need  to  be  addressed. 

Mobile  apps  and  HTML5 

As  more  businesses  look  to  interact  with  cus¬ 
tomers  via  mobile  formats,  a  couple  of  exhibi¬ 
tors  aimed  to  make  the  process  easier. 

UppSite  claims  its  offering  for  turning  a 
content-based  website  into  a  cross-platform 
mobile  app  takes  just  two  minutes.  Seeing  as 
it’s  also  free,  it  may  be  worth  a  shot. 

Another  option,  pieOS  from  Bluega,  acts  as 
a  customized  HTML5-based  homepage  with 
the  intent  of  creating  a  seamless  intuitive 
smartphone  user  interface  to  Web  browsers 
accessed  on  any  device. 

Small  and  midsize  businesses 

A  handful  of  options  for  the  small  and  mid¬ 
size  business  market  were  also  displayed, 
most  of  which  had  the  common  intent  of  offer¬ 
ing  cloud-based  management  tools. 

Agiliron  caters  to  product-based  small 
businesses  and  helps  keep  track  of  sales 
channels  and  business  intelligence  as  well 
as  front-  and  back-office  management.  In  its 
software-as-a-service  (SaaS)  format,  it  aims 
to  satisfy  those  running  SMBs  who  may  also 
be  on  the  move. 

Tabillo  offers  an  online  collaboration  and 
file-sharing  service  that  allows  users  to  orga¬ 
nize  their  own  workspaces  or  create  custom 


applications,  while  the  SaaS-based 
BizSlate  ERP  aims  to  fill  the  gap  between 
ERP  offerings  and  the  SMB.  According  to 
last  year’s  Aberdeen  Group  study,  in  which 
55%  of  responding  SMBs  said  they  would 
consider  SaaS  for  their  ERP  tools,  that  gap 
maybe  closing. 

Miscellaneous 

Other  innovations  displayed  at  DEMO 
addressed  a  few  of  the  less  common  issues 
encountered  in  the  workplace. 

PaperHater  —  a  website  and  an  iPhone 
app  —  aims  to  further  reduce  the  amount  of 
paper  used  in  the  workplace,  and  scans  every¬ 
thing  from  typed  print  to  handwritten  notes 
and  multiple-choice  answers  on  surveys. 
The  information  is  then  forwarded  to  the 
appropriate  applications,  such  as  Outlook  or 
Quiekbooks. 

For  those  with  intensive  data  management 
tasks  ahead  of  them,  Hazelcast  is  an  open- 
source  in-memory  data  grid  that  reorganizes 
some  of  the  data  management  tasks  that  can 
cause  latency  while  trying  to  develop  cloud 
applications.  Similarly,  the  Fusion-io  ioMem- 
ory  platform  is  a  NAND-based  virtual  storage 
layer  software  that  aims  to  reduce  latency  on 
enterprise  applications  that  are  already  in  use. 

Finally,  there’s  Tradesparq.com,  which 
filters  through  the  wide  base  of  social  media 
contacts  surrounding  businesses  to  help  find 
relevant  sales  leads.  With  the  aim  of  facilitat¬ 
ing  access  to  relevant  contacts,  Tradesparq 
offers  the  service  through  Facebook,  Google, 
Yahoo,  Linkedln,  Hotmail,  and  Chinese  social 
networks  QQ  and  Sina  Weibo.  ■ 
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SPECIAL  FOCUS 


Companies  partnering  to  grow  data  centers 


Digital  Realty  Trust  expanded  its  San  Francisco  footprint  this  year 
with  the  acquisition  of  a  155,000-square-foot  data  center  facility 
adjacent  to  its  existing  365  Main  St.  facility. 


BY  ANN  BEDNARZ 

DEMAND  FOR  data  center  space 
is  on  the  rise.  IT  pros  responsible 
for  facility  planning  are  juggling 
physical  requirements  for  secure, 
power-abundant  space  with  opera¬ 
tional  considerations,  including  the 
need  to  improve  disaster  recovery, 
deploy  new  applications  and  ser¬ 
vices,  and  handle  increasingly  large 
data  volumes. 

In  its  annual  study  of  the  North 
American  data  center  market,  pub¬ 
lished  last  month,  Digital  Realty 
Trust  found  a  nearly  unanimous 
need  for  more  data  center  space 
among  the  300  large  enterprises 
surveyed.  A  full  92%  of  respondents 
said  their  companies  will  definitely 
or  probably  expand  their  data  cen¬ 
ter  space  in  2012  —  the  highest  per¬ 
centage  in  the  six  years  that  Digital 
Realty  has  conducted  its  survey.  Among 
those  respondents  with  concrete  plans  to 
expand  in  2012,  38%  expect  to  expand  in 
three  or  more  locations. 

The  scale  of  projects  being  planned  is  also 
increasing,  reports  Digital  Realty,  which  is 
one  of  the  largest  providers  of  data-center 
real  estate.  Roughly  half  of  respondents  (54%) 
said  their  projects  will  exceed  15,000  square 
feet,  and  49%  expect  their  data  center  proj¬ 
ects  to  be  supported  by  at  least  2  megawatts 
of  electrical  power  (including  12%  that  are 
planning  data  center  projects  with  5  mega¬ 
watts  or  more). 

The  growth  isn’t  unexpected.  Even  during 
the  IT  project-crippling  years  that  followed 
the  financial  industry  meltdown  in  2008, 
data  center  construction  didn’t  dramatically 
slow,  according  to  Matt  Stansberry,  director  of 
content  and  publications  at  Uptime  Institute. 
In  its  most  recent  poll  of  data  center  managers, 
Uptime  Institute  found  that  80%  of  respon¬ 
dents  have  built  a  new  data  center  or  upgraded 
an  existing  facility  within  the  past  five  years. 

“You  still  need  data  center  capacity,  whether 
or  not  the  economy  booms,”  Stansberry  says. 

But  what  has  changed  is  how  data  center 
space  is  being  built  or  acquired.  In  the  Digi¬ 
tal  Realty  survey,  78%  of  respondents  with 
expansion  plans  in  the  works  said  they  intend 
to  use  a  partner  —  such  as  a  wholesale  data 
center  provider  or  a  design/build  partner  — 
for  one  or  all  of  their  projects. 

That’s  a  significant  shift  in  mindset  from 
years  past,  when  the  largest  companies 
tended  to  keep  data  center  development 


in-house.  “We  see  a  lot  of  people  looking  at 
[colocation  providers]  and  third-party  data 
center  service  providers  who  wouldn’t  have 
before,”  Stansberry  says.  “These  are  people 
who  traditionally  have  run  their  own  data 
centers,  but  that’s  shifting  pretty  rapidly.” 

Even  companies  such  as  Google  and  Yahoo, 
which  are  known  for  building  their  own  cut¬ 
ting-edge  data  centers,  are  supplementing 
in-house  development  with  third-party  pro¬ 
viders  including  Equinix,  which  specializes 
in  network-neutral  data  centers  and  intercon¬ 
nection  services. 

“They’ll  come  to  Equinix  for  the  network 
hubs  when  they  need  low  latency  and  access 
to  multiple  networks,”  says  Mark  Adams, 
chief  development  officer  at  Equinix. 

Other  reasons  large  enterprises  are  con¬ 
sidering  third-party  providers  include  the 
high  cost  of  constructing  a  private  data  center 
and  the  continuing  lack  of  enterprise  capital 
expense  funds.  In  addition,  the  collocation 
market  has  matured,  and  enterprises  are 
more  comfortable  handing  over  non-core, 
engineering-heavy  construction  tasks  to  data 
center  providers  that  specialize  in  that  kind 
of  work.  “There  weren’t  that  many  collocation 
providers  five  years  ago  that  could  provide 
enterprise-class  data  centers  for  a  financial 
organization,”  Stansberry  says. 

Certifications  by  the  Uptime  Institute, 
which  offers  a  tier  system  that  ranks  data 
centers  according  to  their  expected  levels  of 
uptime  and  availability,  show  evidence  of  the 
trend.  In  the  last  couple  of  years,  certifications 
for  collocation  and  third-party  providers’ 


facilities  have  jumped  significantly, 
and  today  account  for  roughly  50% 
of  the  certifications  Uptime  con¬ 
ducts,  according  to  Stansberry. 

Another  trend  catching  on  is 
containerized  data  center  capacity. 
In  the  Digital  Realty  survey,  41%  of 
respondents  reported  plans  to  use  a 
containerized  module  as  part  of  their 
expansions.  Uptime  Institute  notes  a 
similar  uptick,  though  not  as  drastic. 
“About  10%  of  our  market  said  that 
they  have  deployed  modular,  pre¬ 
fabricated  data  centers,  and  another 
8%  said  they’re  planning  to,”  Stans¬ 
berry  says. 

Going  wholesale 

The  managed  data  center  services 
the  enterprises  are  tapping  “run  the 
gamut  from  somebody  just  build¬ 
ing  a  raised  floor  and  handing  you  a 
key  to  the  building,  to  something  as 
specific  as  cages  in  a  site  that’s  fully  staffed,” 
Stansberry  notes. 

Vantage  Data  Centers,  a  wholesale  data 
center  provider,  gets  its  tenants  involved  in 
the  construction  process  early  on,  so  they  can 
customize  attributes  such  as  size,  density,  rack 
layout,  distribution  and  cooling  in  their  space. 

“In  wholesale  data  centers,  you  end  up 
managing  your  infrastructure,  you  bring  in 
your  racks  and  stacks,  and  we  furnish  and 
lease  the  actual  building,  optimized  for  your 
infrastructure,”  says  Greg  Ness,  chief  mar¬ 
keting  officer  for  Vantage.  During  design 
and  construction,  “there’s  a  significant  level 
of  alignment  and  coordination  between  the 
enterprise  and  Vantage.” 

One  of  those  tenants  is  Mozilla  Corp., 
which  recently  decided  to  make  the  leap  from 
multiple  retail  collocation  providers  to  a 
wholesale  data  center  model.  Mozilla’s  plan  is 
to  consolidate  its  four  Silicon  Valley  data  cen¬ 
ters  (which  include  space  in  facilities  owned 
by  CoreSite,  Internap  and  Layer  42)  into  a 
single  Santa  Clara,  Calif.,  facility  owned  and 
renovated  by  Vantage. 

The  tipping  point  came  when  Mozilla  real¬ 
ized  it  was  consuming  more  than  400  kilo¬ 
watts  of  power  in  its  multiple  data  centers, 
recalls  Matthew  Zeier,  director  of  IT  opera¬ 
tions  for  Mozilla. 

“At  some  point,  this  model  doesn’t  work. 
We’re  spending  a  lot  of  money  on  power.  So 
the  cost  model  started  to  change,”  Zeier  says. 
“At  this  level,  it  started  to  make  sense  to  look 
at  moving  away  from  a  retail  model  and  into  a 
wholesale  model.”  ■ 
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Microsoft  overhauls  licensing 
for  System  Center  2012 


BYTIM  GREENE 

MICROSOFT  HAS  formally  shipped  System 
Center  2012  management  platform,  adding 
features  that  create  application-centric  views 
of  corporate  infrastructure  and  —  just  as 
important  —  implementing  a  new  licensing 
scheme  designed  to  capitalize  on  customers’ 
frustration  with  competitor  VMware. 

Microsoft  says  the  new  licensing  structure 
cuts  the  number  of  license  packages  to  two  — 
standard  and  data  center  —  down  from  nearly 
100,  a  move  the  company  says  will  make  life 
simpler  for  IT  departments. 

Rather  than  buying  the  component  parts  of 
System  Center  singly  or  in  bundles  of  just  a 
few,  customers  will  buy  the  entire  suite. 

That’s  good  news  for  the  largest  businesses 
that  are  heavily  investing  in  private  cloud 
architectures  and  buy  the  data  center  license, 
says  Paul  DeGroot,  principal  consultant  at 
Pica  Communications. 

The  price  of  a  data  center  license  jumps 
from  $2,620  for  two  processors  and  unlim¬ 
ited  virtual  machines  to  $3,615,  he  says. 
“There  might  be  a  bigger  initial  payment,  but 
it  covers  all  the  virtual  machines  on  a  server,” 
he  says,  as  well  as  the  full  suite  of  features, 
including  new  ones. 

While  new  customers  will  still  be  able 
to  buy  certain  individual  components  as 


standalone  products  the  option  of  buying  just 
single  components  of  System  Center  such  as 
Configuration  Manager  or  Operations  Man¬ 
ager  are  pretty  much  gone.  “It’s  all  or  nothing, 
folks,”  he  says.  “You’re  either  going  to  use 
[Microsoft]  management  tools  to  do  every¬ 
thing  or  you’re  not  going  to  use  [Microsoft] 
management  tools.  ” 

He  says  this  follows  the  successful  model 
of  VMware  and  pricing  for  its  management 
platform. 

The  old  licensing  system  with  scores  of 
bundle  options  was  complex,  DeGroot  says, 
and  often  led  to  confusion.  For  example,  if  a 
customer  wanted  a  System  Center  bundle 
that  included  a  component  they  had  already 
licensed  for  another  purpose,  it  involved 
negotiation  to  decide  what  the  additional 
license  fee  should  be,  he  says. 

Under  the  new  structure,  even  if  customers 
wind  up  buying  a  bundle  that  includes  pieces 
they  never  use,  the  cost  is  manageable.  “These 
products  aren’t  terribly  expensive  compared 
to,  say,  SQL  Server,”  he  says. 

It  could  even  save  them  money,  says  Don 
Retallack,  an  analyst  with  Directions  on 
Microsoft,  depending  on  the  blend  of  physi¬ 
cal  and  virtual  machines  in  their  infrastruc¬ 
ture.  Current  customers  will  be  eligible  for 
grants  from  Microsoft  to  ease  the  cost  of 
upgrading,  he  says. 


What’s  new  with 
System  Center  2012 

App  Controller 

Provides  self-service  provisioning 
of  applications  with  a  single 
dashboard  that  manages 
components  of  deployed 
applications  including  the  underlying 
infrastructure  on  which  they  run. 

Endpoint  Protection 

This  consolidates  desktop 
management  and  security, 
including  malware  protection 
and  determining  configuration 
compliance  for  client  machines. 
(Previously  a  separate  product.) 

AVIcode  technology  (acquired 

in  2010)  Application  performance 
monitoring  for  the  Microsoft  .NET 
Framework  to  help  ensure  availability 
of  business-critical  applications 
and  services,  including  web-based 
and  distributed  applications. 

Bundled  SQL  Server 

Previously  packaged  separately. 


The  pricing  structure  is  important,  says 
Matt  Stratton,  director  of  technology  opera¬ 
tions  for  online  rental  service  apartments, 
com.  Shifting  from  VMware  to  System  Cen¬ 
ter  2012  resulted  in  a  70%  savings  in  mainte¬ 
nance  costs,  he  says.  The  company  beta  tested 
the  platform  and  switched  over  to  it  before  its 
general  release. 

►  See  Microsoft, page  12 


Windows  8  Enterprise  holds  bag  of  goodies 


BYTIM  GREENE   

THE  ENTERPRISE  version  of  Windows  8  will  include  a  list  of  exclu¬ 
sive  features,  among  them  a  desktop  that  is  bootable  from  a  USB 
stick,  a  standby  VPN,  a  caching  tool  to  boost  branch-office 
download  performance  and  upgraded  virtual  desktop  client. 

Windows  8  Enterprise  will  boast  Windows  to  Go,  a  man¬ 
ageable  Windows  8  desktop  on  a  USB  stick  that  enables  boot¬ 
ing  up  a  corporate  machine  securely  on  whatever  machine  is 
available,  according  to  the  Windows  for  your  Business  Blog. 

The  desktop-on-a-stick  is  meant  to  support  a  bring-your-own-device 
atmosphere  within  corporations,  where  workers’  machines  can  safely 
plug  into  corporate  networks  without  the  risk  of  infecting  other  devices. 

The  software,  which  includes  all  of  Windows  8  Pro  plus  some  extras, 
is  one  of  four  versions  that  will  become  available  later  this  year  or  per¬ 
haps  early  next  year:  Windows  8,  Windows  RT,  Windows  8  Pro  and 
Windows  8  Enterprise. 

The  enterprise  version  will  provide  DirectAccess,  an  auto-setup 
VPN  that  admins  can  use  to  patch,  update  and  set  policies  on  remote 


machines.  The  tool  supports  IPv4  as  well  as  IPv6,  Microsoft  says. 

Branch  Cache  enables  storing  content  from  corporate  servers  within 
branch  offices  so  when  it  is  called  for  repeatedly  it  doesn’t  have  to  cross 
the  WAN  over  and  over,  reducing  traffic  on  the  wire  and  improving 
response  time.  When  used  in  combination  with  Windows  Server 
2012,  which  is  available  later  this  year.  Branch  Cache  will  be 
easier  to  deploy  and  scale,  and  will  improve  security  as  well  as 
optimize  use  of  WAN  bandwidth  further. 

Virtual  desktop  capabilities  within  Windows  8  Enterprise 
rely  on  upgrades  to  Windows  Server  2012  and  Microsoft  Remote 
FX  that  support  bandwidth  intensive  3D  graphics  and  use  touch- 
enabled  devices  for  VDI  over  any  type  of  network. 

AppLocker  is  a  feature  that  can  be  configured  to  restrict  access  to  files 
and  applications  that  are  accessible  to  individuals  or  groups.  Windows 
8  Enterprise  also  includes  App  Deployment,  a  capability  that  enables 
side-loading  Windows  8  Metro  style  applications  onto  Windows  8  PCs 
and  tablets.  This  would  get  around  the  restrictions  on  Windows  RT 
hardware-software  bundles  that  allow  only  apps  from  the  Windows 
Store  to  be  loaded  on  the  machines.  ■ 
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The  sorry  state  of  federal  IPv6  support 

99%  of  US  government  websites  don’t  support  IPv6  as  deadline  looms 


BY  CAROLYN  DUFFY MARSAN 

U.S.  FEDERAL  government  agencies  must 
meet  an  aggressive  deadline  of  Sept.  30, 
2012,  to  deploy  IPv6  on  their  public-facing 
websites,  under  an  Obama  administration 
initiative.  But  with  less  than  five  months  to 
go,  more  than  99%  of  federal  websites  aren’t 
supporting  the  next-gen  Internet  Protocol  on 
their  DNS,  email  and  Web  services. 

The  Obama  administration  issued  a  direc¬ 
tive  in  fall  2010  that  requires  agencies  to  sup¬ 
port  IPv6  on  their  public-facing  Web  services 
by  the  end  of  this  federal  fiscal  year.  There  is 
a  second  step  to  the  mandate  that  requires 
agencies  to  support  IPv6  on  their  internal, 
operational  networks  by  Sept.  30,  2014.  It’s 
unclear  what  the  consequences  are  of  not 
meeting  the  mandates  will  be. 

Experts  say  federal  IPv6  deployment  has 
lagged  due  to  a  lack  of  support  for  the  emerg¬ 
ing  standard  by  government  contractors, 
including  carriers ,  content  delivery  networks 
and  their  network  equipment  suppliers. 

“Agencies  are  supposed  to  have  the  general 
Internet-based  services  that  are  available 
to  citizens  support  IPv6,”  said  Dale  Geesey, 
COO  at  government  contractor  Auspex  Tech¬ 
nologies,  at  last  week’s  North  American  IPv6 
Summit  in  Denver.  “It’s  a  big  challenge  from 
a  federal  perspective.” 

He  said  the  Federal  CIO  Council  has  an  IPv6 


task  force  that  meets  weekly  and  that  agen¬ 
cy’s  IPv6  transition  managers  are  meeting 
monthly  to  help  the  government  hit  this  goal. 

A  survey  conducted  weekly  by  the 
National  Institute  of  Standards  and  Tech¬ 
nology  (NIST)  shows  that  only  five  organi¬ 
zations  have  successfully  deployed  IPv6  on 
their  DNS,  email  and  websites  as  required 
by  the  mandate.  These  organizations  are:  the 
Department  of  Veterans  Affairs,  the  Envi¬ 
ronmental  Protection  Agency,  the  Defense 
Research  and  Engineering  Network,  Defense 
High  Performance  Computing,  and  the  Space 
and  Naval  Warfare  Systems  Command. 

In  total,  only  10  out  of  1,565  domains  oper¬ 
ated  by  federal  agencies  were  able  to  pass 
NIST’s  tests  for  IPv6  support  on  DNS,  email 
and  Web  this  week.  That’s  not  even  1%  of  the 
total  number  of  domains  tested. 

Ron  Broersma,  DREN  chief  engineer,  told 
the  North  American  IPv6  Summit  audience 
that  IPv6  is  ready  for  deployment.  “Secu¬ 
rity  and  performance  of  IPv6  is  equivalent 
to  IPv4,”  he  said.  “IPv6  deployment  doesn’t 
have  to  be  costly  if  you  use  tech  refresh  and  if 
you  don’t  procrastinate.” 

Broersma  said  one  challenge  for  federal 
agencies  is  that  some  of  the  carriers  they  are 
required  to  use  through  the  Networx  contract 
are  not  providing  sufficient  IPv6  services. 
Networx  is  an  umbrella  telecommunications 
contract  that  federal  agencies  must  use  to 


purchase  voice,  video  and  data  services. 

“One  [carrier]  won’t  have  it  until  the  end  of 
the  calendar  year,”  Broersma  said.  “Some  fed¬ 
eral  agencies  may  need  to  switch  ISPs,  which 
is  a  pretty  big  deal.” 

Broersma  said  two  federal  network  security 
efforts  —  the  Trusted  Internet  Connect  Initia¬ 
tive  and  Managed  Trusted  Internet  Protocol 
Services  —  also  are  behind  on  deploying  IPv6. 

Broersma  said  other  challenges  for  federal 
agencies  trying  to  deploy  IPv6  are  the  lack  of 
feature  parity  between  IPv4-  and  IPv6-based 
network  hardware  and  software,  as  well  as 
the  lack  of  support  for  Dynamic  Host  Con¬ 
figuration  Protocol  for  IPv6. 

“Existing  security  products  lack  IPv6  sup¬ 
port.  Mainstream  intrusion-detection  sys¬ 
tems  are  not  ready,”  he  added.  “But  we  have  a 
much  better  story  for  doing  network  manage¬ 
ment  over  IPv6  than  two  years  ago.” 

One  federal  agency  that’s  successfully 
deployed  IPv6  is  the  VA,  which  has  IPv6 
deployed  on  99%  of  its  websites.  Steve 
Pirzchalski,  IPv6  transition  manager  for  the 
VA,  said  the  agency  has  IPv6  support  for  its 
DNS,  SMTP/mail  and  Web  services  for  all  of 
the  websites  under  its  va.gov  domain. 

“We  did  get  our  gateways  transitioned, 
which  was  not  inconsequential.  We  launched 
our  main  website  —  wwwwa.gov  —  for  World 
IPv6  Day  last  June,  and  we’ve  had  continuous 
IPv6  operation  since  then,”  Pirzchalski  said. 

One  development  that  will  aid  federal 
agencies’  ability  to  meet  the  Obama  admin¬ 
istration’s  IPv6  mandate  is  the  availability  of 
production-quality  IPv6-to-IPv4  translation 
services  from  Akamai  Technologies.  Aka¬ 
mai,  a  leading  CDN,  says  it  will  launch  IPv6 
services  in  April.  Akamai’s  federal  customers 
include  the  Department  of  Defense,  the  Food 
and  Drug  Administration  and  the  Federal 
Emergency  Management  Administration. 

Another  development  expected  later  this 
month  is  the  release  of  Version  2.0  of  a  docu¬ 
ment  called  “The  Planning  Guide/Roadmap 
Toward  IPv6  Adoption  within  the  U.S.  Gov¬ 
ernment.”  The  original  version  of  this  docu¬ 
ment  was  released  in  2009. 

IPv6  is  an  upgrade  to  the  Internet’s  main 
communications  protocol,  IPv4.  IPv6  fea¬ 
tures  an  expanded  addressing  scheme  that 
can  support  billions  of  devices  connected 
directly  to  the  Internet.  But  IPv6  is  not  back¬ 
ward  compatible  with  IPv4,  which  is  run¬ 
ning  out  of  addresses.  Network  operators  can 
either  support  both  protocols  in  dual-stack 
mode  or  translate  between  the  two.  ■ 


►  Microsoft,  from  page  11 

Taking  advantage  of  features  in  the  Microsoft  platform  that  VMware’s  lacked  will  lead  to 
further  savings,  he  says.  Apartments.com  writes  its  own  customer-facing  Web  apps  using 
agile  software  development  methods  and  has  a  free-standing  development  network  that  is 
now  supported  by  System  Center  2012,  which  includes  a  new  component,  App  Controller. 

App  Controller  gives  developers  the  ability  to  set  up  virtual  machines  to  run  specific  ver¬ 
sions  of  applications  to  test  against  new  apps,  he  says.  They  don’t  have  to  wait  for  IT  to  do  it 
by  hand.  If  the  developers  are  on  a  tvvo-week  sprint  to  complete  an  application,  that  feature 
alone  could  save  10%  to  20%  of  the  time  it  would  take  otherwise,  he  says. 

“When  it  comes  into  play  it’s  going  to  be  big  for  things  that  have  to  happen  fast,”  Stratton 
says.  “We  can  get  a  product  out  that  is  more  stable  more  quickly.” 

This  is  one  of  the  goals  Microsoft  had  for  System  Center  2012,  says  Edwin  Yuen,  the  com¬ 
pany’s  director  of  cloud  and  virtualization  strategy.  The  platform  is  designed  to  encourage 
self-service  so  when  a  department  needs  more  resources  for  an  application,  they  can  spin 
up  additional  CPUs  or  virtual  machines  themselves,  he  says. 

In  order  to  accomplish  this,  the  management  software  is  compatible  with  multiple  hyper¬ 
visors  and  operating  systems  and  can  automate  configuration  and  the  handling  of  outages. 
So  if  a  virtual  machine  goes  down  System  Center  2012  can  automatically  respond  based 
on  preset  policies  to  deal  with  such  a  situation.  And  this  can  be  done  across  the  range  of 
available  resources  from  dedicated  servers  to  physical  and  virtual  machines  in  a  cloud,  the 
company  says.  With  this  type  of  management  and  automation,  staff  can  free  up  time  from 
mundane  chores.  ■ 
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►  Cisco,  from  page  1 
also  the  threat  it  poses  to  it. 

“Networking  is  about  to  be  reinvented  and 
Cisco  will  do  that  reinvention  of  networking,” 
says  Cisco  CTO  Padmasree  Warrior,  during 
an  interview  last  week  at  Cisco’s  annual  busi¬ 
ness  partner  conference.  “We  understand  the 
implication  of  what  is  good  about  it  and  what 
are  the  things  we  need  to  improve.” 

The  single  most  visible  aspect  of  Cisco’s  pro¬ 
grammability  strategy  -  the  company  seems 
careful  not  to  label  it  as  an  SDN  initiative  -  is 
Insieme,  the  Cisco-funded  startup  building 
what  is  believed  to  be  a  programmable  switch 
line  supporting  OpenStack  and  distributed 
data  storage.  Cisco  initially  invested  $100  mil¬ 
lion  in  Insieme,  with  the  right  to  purchase  the 
remaining  interests  of  the  company  for  up  to 
$750  million.- 

Other  facets  of  Cisco’s  programmabil¬ 
ity  strategy  include  adding  features  to 
its  NX-OS  data  center  network  operating 


HERE’S  A  QUICK  LOOK  AT  SOME  OF  THE  KEY  NEWS  OUT  OF  CISCO’S 
PARTNER  SUMMIT  IN  SAN  DIEGO  LAST  WEEK 

Cisco  next  month  said  it  will  release  router  software  designed  to  improve  cloud 
computing  connectivity  for  branch  offices.  Cisco  will  unveil  Cloud  Connect 
on  May  22,  said  CTO  Padmasree  Warrior  during  her  Cisco  Partner  Summit 
keynote  address.  Cloud  Connect  will  run  on  Cisco's  ISR  G2  and  ASR  1000 
routers,  and  provide  visibility,  security,  availability  and  performance  optimiza¬ 
tion  for  cloud  connectivity,  she  says.  The  software  is  designed  to  improve  the 
user  experience  with  cloud  and  simplify  operations,  Warrior  says.  Cisco  will 
demonstrate  the  software  at  the  Cisco  Live!  conference  in  June  as  well,  she 
says.  •  CEO  John  Chambers  confirmed  that  the  company  is  funding  and 
plans  to  absorb  Insieme,  a  start-up  developing  a  software-defined  network¬ 
ing  (SDN)  system.  Insieme  is  led  by  three  Cisco  engineers:  Mario  Mazzola, 
Luca  Cafiero  and  Prem  Jain.  The  three  led  two  other  Cisco  spin-in  start-ups 
—  Andiamo  Systems,  which  made  storage-area  network  switches,  and  Nuova 
Systems,  which  developed  Cisco’s  Nexus  5000  series  data  center  switches. 

•  Cisco  is  beating  back  the  competition  Chambers  said  during  his  opening 

address.  “I’m  not  so  sure  the  competition  is  getting  tougher,”  he  said.  “It’s 

not  as  tough  as  it  was  a  year  ago.”  Chambers,  of  course,  was  referencing 

the  past  12  to  18  months,  when  Cisco  went  through  a 

dramatic  restructuring  after  the  company  got,  in  his 

words,  “fat.”  Cisco  trimmed  more  than  12,000 

positions,  killed  or  downscaled  underperforming 

product  lines  and  markets,  simplified  opera-  4***,  IT 

tions  and  got  mean  -  at  the  competition.  “Juniper 

and  HP  are  not  any  tougher  than  they  were  a 

year  ago,”  he  said.  Juniper,  he  said,  is  guilty  of 

“marketing  ahead  of  where  they  were,  spreading 


themselves  too  thin.” 


—  Jim  Duffy 


MNot  all  customers  want 

programmability.  [A]  very  small 
subset  wants  programmability.  A  lot  of  our 
customers  are  happy  to  leave  everything 
to  us  to  allow  them  to  be  programmed. 


PADMASREE  WARRIOR,  CISCO  CTO 


Another  aspect  of  the  programmability 
strategy  is  to  do  nothing  to  let  customers  pro¬ 
gram  their  Cisco  networks. 

“Not  all  customers  want  programmability,” 
Warrior  says.  “[A]  very  small  subset  wants 
programmability.  A  lot  of  our  customers  are 
happy  to  leave  everything  to  us  to  allow  them 
to  be  programmed.  So  we  have  to  be  careful 
that  we  don’t  equate  software-defined  net¬ 
working  with  only  one  aspect  of  it.” 

Cisco’s  multipronged  approach  is  intended 
to  address  various  business  and  use  cases  its 
vast  installed  base  of  customers  face.  It  also 
includes  support  for  various  standard  and 
non-standard  techniques,  such  as  OpenStack 
and  OpenFlow,  but  is  not  founded  on  any  one. 

“OpenFlow  ...  we  look  at  it  as  one  way  to 
achieve  that  programmability,”  Warrior  says. 
“Certain  customers  want  to  experiment  with 
OpenFlow  and  we’ll  support  them  with  that. 
We  don’t  believe  it  defines  software-defined 
networking  or  programmability.  It  is  one  tool 
or  one  approach  to  do  that.  Similarly,  with  a 
software  controller  that’s  one  way  to  deploy 
network  services.  So  there  will  be  multiple 
ways  to  get  to  that  endpoint." 

Customers  with  “massively  scalable”  data 
centers  are  prime  targets  for  SDNs  to  manage 
increasing  “East-West”  traffic  flows  between 
server  racks  in  flatter  topologies  with  mul¬ 
tiple  active  links.  Warrior  says. 

“But  for  the  majority  of  enterprises,  it  isn’t,” 
she  says. 

So  Insieme  is  but  one  component  of  Cisco’s 
overall  programmability  strategy.  And  its 
products  aren’t  expected  for  another  two 
years,  at  least. 

But  sources  say  in  the  interim  —  over  the 
next  six  to  12  months  —  Cisco  is  expected  to 
unveil  new  products  with  SDN  capabilities 
that  make  the  network  more  programmable. 

And  on  the  network  commoditization 
threat?  Leadership  in  networking  is  much 
more  than  programmable  technology,  War¬ 
rior  points  out. 

“When  somebody  else  is  coming  up  with 
ideas,  you  drive  innovation  faster,”  she  says. 
“At  the  end  of  the  day  though,  networking  is 
an  infrastructure.  And  to  lead  in  that  market 
you  need  to  have  a  great  channel  and  great 
go-to-market  program.  You  won’t  be  able  to 
be  successful  in  the  marketplace  with  just 
technology.  This  is  where  Cisco  leads  every¬ 
body  else  in  the  industry.”  ■ 


system  for  “agility  and  scale,”  Warrior  says; 
getting  the  Nexus  and  Catalyst  switching 
lines  on  common  ASIC  and  software  road 
maps;  and  extending  the  road  map  of  the 
Nexus  lOOOv  virtual  switch,  which  Cisco 
claims  is  a  pioneer  in  SDNs. 

“Probably  the  first  software-defined  net¬ 
work  in  the  industry  was  the  Nexus  lKv,” 
Warrior  says.  “That  started  with  10  engi¬ 
neers  as  a  project  within  Cisco.” 

There  are  now  more  than  5,000  custom¬ 
ers  for  the  Nexus  lOOOv,  which  has  been 
shipping  since  2009. 
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TOOLS 

Google  AROUND,  network  scanning, 
a  nd  p  i  ngi  ng  with  TC  P 


e  start  this  week  with  areal 
geek  out:  If  you  have  ever  had  to 
weigh  the  benefits  and  tradeoffs 
of  Apache  as  an  application 
server  (for  example,  using  Tom¬ 
cat  vs.  node.js  (“a  platform  built 
on  Chrome’s  JavaScript  runtime 
for  easily  building  fast,  scalable  network  applica¬ 
tions”),  then  you  absolutely  have  to  watch  “Node.js 
Is  Bad  Ass  Rock  Star  Tech”  (it’s  NSFW  —  bad  words). 
Make  sure  you  watch  all  of  it . . .  the  end  is  great! 


Mark  Gibbs'  Gearhead 


So,  this  week  I  have  a  few  tasty  techie 
delights  to  please  your  palate. 

The  first  is  Google’s  AROUND.  Unless 
you’re  a  die-hard  Microsoftie  you  probably 
use  Google  quite  frequently  to  search  the 
Web  (does  anyone  still  use  Yahoo?)  and, 
being  the  well-informed  chap  or  chapess 
you  are,  you  likely  know  about  the  search 
operators  you  can  use,  such  as  to  exclude 

specific  words  or  phrases  and  “OR”  to,  well, 
“or”  words  and  phrases. 

But  here’s  an  operator  you  might  not  be 
aware  of:  the  “AROUND”  operator.  Accord¬ 
ing  to  the  Search  ReSearch  blog  written  by 
Daniel  M.  Russell,  AROUND  “has  been 
operational  for . . .  oh . . .  the  past  5  or  6  years. 
Turns  out  that  nobody  ever  bothered  to 
write  much  about  it.” 

A  good  example  of  how  to  use  AROUND 
is  given  in  one  of  the  comments  to  the  post¬ 
ing:  If  you  were  looking  for  [Paul  “the  dude” 
SMITH]  (we’re  using  Google’s  convention 
for  delimiting  search  terms  with  square 
brackets)  but  you  didn’t  know  his  alias  you 
could  search  [paul  AROUND(3)  smith]. 

“The  number,”  Russell  says,  “sets  the  max 
distance  between  the  two  terms.”  Pretty  slick. 

Next  up,  Advanced  IP  Scanner. 

If  you’re  on  Windows  and  you  find 
that  you  often  need  to  survey  your  TCP/ 


IP-based  network  to  find  out  what  devices 
are  running,  the  latest  version  of  Advanced 
IP  Scanner  published  by  Famatech 
(purveyors  of  the  fine  remote  access  utility 
Radmin)  is  a  must-have. 

Advanced  IP  Scanner  is  a  free  tool  that 
allows  you  to  scan  an  IP  address  range.  It’s 
very  fast  and  you  can  choose  whether  to 
show  “alive”  and/or  “dead”  addresses,  the 
device  manufacturer’s  name,  the  device 
MAC  address,  the  current  user  (if  available), 
the  associated  DNS  name  and,  optionally,  the 
NetBIOS  names  and  groups  the  device  uses. 
It  can  also  scan  for  shared  folders,  HTTP  and 


HTTPS,  and  FTP  services  and  Radmin  avail 
ability  and  can  save  scan  results. 

Advanced  IP  Scanner  is  incredibly  useful 
and  gets  a  Gearhead  rating  of  5  out  of  5. 

Then  we  have  tcping.  If  you  need  to  check 
if  a  single  TCP/IP  device  is  “alive”  you'll  most 
likely  launch  a  command  session  under 
Windows  and  “ping”  the  target  machine. 
What  Windows  ping  uses  to  check  on  a 
remote  machine  is  Internet  Control  Message 
Protocol,  or  ICMP.  Unfortunately,  to  foil  hack¬ 
ers  and  the  like,  net  admins  will  occasionally 
disable  responding  to  ICMP,  so,  to  test  if  an 
ICMP-blocked  device  is  alive,  you’ll  need  to 
use  some  other  protocol  such  as  HTTP. 

To  do  this  you  might  choose  another  free 
tool,  tcping,  published  by  Eli  Fulkerson. 
Fulkerson  describes  this  as  “a  small  console 
application  that  operates  similarly  to  ‘ping,’ 
however  it  works  over  a  TCP  port.  Not  a  ter¬ 
ribly  interesting  concept,  but  I  had  trouble 
finding  a  Windows  utility  to  do  this  that  I 
was  happy  with.”  I  love  this!  Very  useful, 
simple,  does  the  job,  and  gets  a  Gearhead 
rating  of  5  out  of  5.  ■ 

Gibbs  is  geeking  out  in  Ventura,  Calif.  Send 
your  techiness  to  gearhead@gibbs.com. 


PARITY  BITS 

$2,500 

Annual  cost  Savings  for  decommissioning  a  1U  server 

($500  in  energy  savings,  $500  in  the  OS  license, 

$1,500  in  hardware  maintenance).  SOURCE:  UPTIME  INSTITUTE 
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GADGETS 

Some  new 
devices  to 
mess  around 
with  Wi-Fi 

Keith  Shaw’s  Cool  Tools 


Hold  off  on  buying 
the  iZON  room 
monitor  just  yet. 


cable  was  located  on  the  night  stand  next  to 
the  bed,  not  near  the  desk). 

►  Some  caveats:  Changing  the  SSID  on 
the  device  from  the  default  setting  is  a  bit 
tricky,  and  there  are  no  additional  Ethernet 
ports  for  wired  LAN  connections  (in  case 
you  wanted  to  provide  mobile  workers  with 
additional  connection  choices). 

►  Grade  ★★★★ 


THE 

SCOOP 


iZON  Remote 
Room  Monitor 

by  Stem  Innovation,  about  $130 


►  What  it  is:  A  network-based  camera  that 
connects  via  Wi-Fi,  the  iZON  Remote  Room 
Monitor  lets  you  watch  rooms  in  your  house 
or  office  remotely.  The  monitoring  is  done 
via  the  StermConnect  iOS  app,  letting  you 
see  live  images  coming  from  the  camera, 
or  setting  up  motion-detection  or  sound- 
detection  alerts.  When  the  motion  or  sound 
is  detected,  the  clip  can  be  uploaded  to  your 
YouTube  account  as  well. 


►  Why  it's  cool:  This  device  and  app  were 
developed  first  for  mobile  devices,  unlike 
other  devices  that  rely  on  monitoring  via  a 
Web  browser  —  in  fact,  you  can’t  watch  your 
camera’s  feed  through  a  PC  browser  (the 
company  says  a  Mac  app  is  coming,  and  other 
methods  down  the  road).  The  small  device 

is  inconspicuous,  and  would  work  well  as  a 
baby  room  monitor,  or  if  you  have  a  second 
house  and/or  office  and  want  to  be  alerted 
if  the  device  detects  motion.  The  YouTube 
upload  option  is  also  a  nice  touch.  The  camera 
and  app  were  somewhat  easy  to  hook  up,  as 
long  as  you’re  using  an  802.11n  Wi-Fi  router 
with  WPA2  (not  WEP)  security. 

►  Some  caveats:  I  had  trouble  with  the 
motion  alert  and  YouTube  uploading;  sen¬ 
sitivity  adjustments  need  to  be  made  so  that 
you’re  not  constantly  getting  alerted  with 
very  tiny  motion  settings.  But  at  low  sensi¬ 
tivity  settings,  I  was  consistently  not  receiv¬ 
ing  alerts,  even  though  I  knew  motion  was 
going  on  (I  was  recording  video  in  the  office). 
The  device  and  app  are  a  work  in  progress; 
I’d  wait  until  Web  browser  monitoring  and 
other  settings  were  added  to  the  system. 


►  Grade  ★★★  (out  of  five). 


Wireless 
Dual-Band 
Travel  Router 

by  Belkin,  about  $80 

►  What  it  is:  This  small  device  provides 
a  wireless  router  capability  for  travelers, 
hooking  into  a  hotel’s  wired  Ethernet  con¬ 
nection  and  providing  wireless  connectivity 
for  tablets,  smartphones  and  notebooks.  The 
wireless  capabilities  allow  you  to  use  one 
connection  for  multiple  devices. 

►  Why  it’s  cool:  This  is  one  of  the  first 
devices  I’ve  seen  that  provides  dual-band 
(2.4GHz  and  5GHz  frequency)  connectivity, 
although  most  of  your  wireless  clients  are 
likely  on  2.4GHz.  Still,  as  more  devices  add 
5GHz  functionality,  having  this  option  for 
lower  interference  and  greater  bandwidth 
is  nice.  Even  if  you  only  plan  on  using  one 
notebook  in  your  hotel  room,  it’s  nice  to  have 
this  in  case  the  hotel’s  Ethernet  connection  is 
in  an  odd  place  (on  my  last  trip,  the  Ethernet 


►  Seagate  recently  updated 

the  firmware  of  its  GoFlex 
Satellite  external  hard  drive. 
With  its  internal  Wi-Fi  radio 
—  along  with  the  GoFlex  Media  app  for  iOS 
devices  —  you  can  store  a  ton  of  media  (pho¬ 
tos,  videos,  music)  on  the  external  storage 
drive  and  access  them  on  the  iPhone,  iPod 
Touch  or  iPad  via  the  Wi-Fi  connection.  The 
update  now  provides  an  ingredient  missing 
from  the  original  release:  The  Wi-Fi  on  the 
Satellite  can  connect  via  Wi-Fi  to  your  home 
router,  providing  pass-through  connections 
for  other  apps  on  the  iOS  device.  So  now,  you 
can  access  your  media  through  the  GoFlex 
Media  app,  but  you  can  also  browse  the 
Web  or  access  Netflix  through  your  home 
router’s  connection.  Before  this  update,  you 
had  to  keep  switching  your  Wi-Fi  settings  in 
order  to  multitask. 

This  update  makes  the  Satellite  a  5-star 
product,  and  a  must-own  for  any  iPad  or 
iPhone  user  who  doesn’t  want  to  clog  up  the 
device’s  internal  storage  space.  ■ 

Shaw  can  be  reached  at  kshaw@nww.com. 


UPDATE 


techdebate 

!!iIllli!iIIIII(iliil[ii!III(ItII!lIiiltiiilliil!!III!IiIiilliIIII!iliIIl(IIII!liIltiS!!l!li 


EXPERTS 
FACE  OFF 
on  the 
HOTTEST 
TOPICS 

I  iv  •:  ■  -‘X 

[lliiilfllliliMiMl! 


miiiiiiiiiiiiiimiiiiiiiiiiiiiim 


Is  broadband  stimulus  really  needed? 


THE  AMERICAN  RECOVERY  AND  REIN¬ 
VESTMENT  Act  of  2009  (ARRA)  set 
aside  $7.2  billion  to  bolster  construc¬ 
tion  and  use  of  broadband  Inter¬ 
net  access  throughout  the  United 
States.  The  act’s  intent  was  to  create 
short-term  economic  activity  and 
establish  infrastructure  that  would 
encourage  further  economic  devel¬ 
opment.  Because  broadband  plays 
such  a  critical  role  in  supporting 
and  enhancing  education,  health¬ 
care  and  public  safety,  ARRA  and 
broadband  stimulus  projects  like  it 
are  fundamental  investments  in  the 
American  economy  that  will  return 
dividends  for  years. 

Before  asking  whether  more 
stimulus  is  needed,  we  first  need  to 
stress  the  value  of  broadband  access. 
Value  is  not  constrained  to  data  rate, 
but  rather  is  about  the  applications 
high-quality  broadband  supports,  such  as  rapid  access  to  health¬ 
care  records,  distance  learning,  electronic  commerce  or  peta- 
scale  science.  The  value  of  quality  broadband  is  foundational  to 
a  modern  economy. 

The  Organisation  for  Economic  Co-operation  and  Development 
(OECD)  completes  an  annual  ranking  of  broadband  adoption  in  the 
world’s  major  industrial  economies.  In  2009,  the  U.S.  was  ranked 
15th  based  on  speed,  number  of  subscribers  per  household  and 
price.  The  U.S.  has  slid  from  a  top  position  since  2000,  not  because 
the  speed  available  to  consumers  has  decreased,  but  rather  because 
competitive  offerings  have  not  kept  pace  with 
changing  application  needs  and  technical  capability. 

OECD  contends  that  countries  such  as  Korea, 

Iceland,  Sweden  and  Canada  have  risen  to  top 
rankings  because  of  government  incentives.  We 
have  seen  other  nations  adopt  national  broad¬ 
band  initiatives  as  a  tool  to  increase  their  global 
competitiveness.  As  state-of-the-art  broadband 
changed  from  56Kbps  dial-up  to  faster  DSL,  cable 
or  optical  speeds,  other  economies  continued  to 
upgrade  their  broadband  infrastructure.  The  U.S. 
has  not  kept  pace. 

The  National  Telecommunications  and  Informa¬ 
tion  Administration  says  the  number  of  U.S.  house¬ 
holds  with  broadband  connections  ranges  from 
70%  penetration  in  urban  areas  to  57%  in  rural. 

The  Federal  Communications  Commission’s 

►  See  Alexander,  page  19 


THE  FEDERAL  GOVERNMENT  NEED 

NOT  “stimulate”  markets  which  are 
expanding  dramatically  on  their  own. 
In  recent  years,  we  have  witnessed 
an  amazing  proliferation  of  access 
to  broadband  Internet,  all  achieved 
without  the  heavy  hand  of  govern¬ 
ment’s  guidance.  While  gaps  in 
service  remain,  the  exorbitant  costs 
associated  with  filling  them  coun¬ 
sel  for  restraint,  not  ever-greater 
subsidies. 

If  broadband  access  were  not 
widespread,  this  might  be  a  more 
interesting  discussion.  But  it  is  wide¬ 
spread,  and  incredibly  so.  According 
to  projections  based  on  a  5,000-per¬ 
son  survey  conducted  by  the  Federal 
Communications  Commission  (FCC) 
in  its  2010  National  Broadband  Plan, 
200  million  Americans  have  land¬ 
line  broadband  service.  Little  more 
than  a  decade  prior,  that  number  was  just  8  million. 

But  building  from  scratch  to  a  market  where  2  of  every  3  Ameri¬ 
cans  have  adopted  broadband  services  in  10  years  only  tells  one 
part  of  the  story.  An  equally  important  metric  is  access.  Here,  the 
results  of  the  FCC  survey  are  even  more  staggering.  Though  not 
everyone  subscribes,  95%  of  people  have  landline  broadband  ser¬ 
vice  available  to  them,  and  fully  98%  have  access  to  3G  wireless 
broadband  service  through  mobile  phone  networks. 

If  access  is  this  pervasive,  what  are  we  stimulating?  These  statis¬ 
tics  seem  to  suggest  that  the  most  important  thing  we  could  do  to 
boost  adoption  rates  would  be  to  make  Americans 
richer  and  broadband  services  cheaper  —  both  of 
which  could  be  better  achieved  through  careful 
tax  and  regulatory  reform  that  fosters  greater 
economic  growth  than  through  another  stimulus 
plan. 

Even  Americans  who  live  in  remote  areas 
outside  the  reach  of  most  land-based  services 
can  choose  from  several  satellite  providers  that 
offer  speeds  of  1Mbps  (fully  18  times  faster  than 
dial-up)  for  $60  to  $70  per  month.  That’s  not 
hyper-fast  broadband  speed,  but  it  is  perhaps  a 
wiser  choice  than  spending  as  much  as  the  FCC 
estimates  it  would  cost  to  build  4Mbps  networks 
to  reach  these  remote  folks:  a  gulp-inducing  $24 
billion. 

Economist  Jerry  Ellig  of  the  Mercatus  Center 

►  See  Moyian,  page  19 


Lifeblood 
of  an 

information 

economy 


Stephen  Alexander, 
senior  vice  president 
of  products  and 
technology,  Ciena 


Is  broadband 
stimulus  needed? 


No  (29%) 


Cast  your  vote  and  see 
comments  at 
tinyurl.com/87cd5pc 


Broadband 
doesn’t 
need  gov’t 
‘stimulus’ 


Andrew  Moylan,  vice 
president  of  government 
affairs,  National 
Taxpayers  Union 
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►  Alexander,  from  page  18 

broadband  plan  set  out  to  address  this,  with  a  goal  of  delivering 
100Mbps  access  to  100  million  users  by  2020.  This  so-called  1002 
goal  is  based  on  reasonable  assumptions  of  historical  technology 
changes  and  application  uptake  over  the  past  10  to  IS  years.  Mak¬ 
ing  100Mbps  service  available  to  one-third  of  the  population 
will  result  in  better  access  to  information  and,  in  turn,  allow  for  a 
widely  distributed  information  workforce  that  contributes  to  the 
broader  economy. 

By  design,  ARRA  includes  incentives  for  adoption  by  commu¬ 
nity  anchors  such  as  educational  institutions,  healthcare  facili¬ 
ties,  public  safety  departments,  libraries  and  local  governments. 
This  allows  more  of  the  public  to  benefit  from  the  availability  of 
broadband-enabled  applications. 

Early  in  2012,  ARRA-funded  broadband  projects  were  well 
underway  across  the  country  with  many  examples  of  commu¬ 
nity  anchor  involvement.  For  example,  DC-CAN  is  a  Washington, 
D.C.,  area  network  that  will  bring  affordable  broadband  services 
to  more  than  250  healthcare,  educational,  public  safety  and  other 
institutions  in  underserved  areas  of  the  district.  Similarly,  the 
Navajo  Tribal  Utility  Authority  (NTUA)  is  constructing  fiber  and 
wireless  infrastructure  to  bring  broadband  service  to  roughly 
100,000  people  spread  over  a  vast  area  in  the  Southwest. 

The  Rural  Electrification  Act  of  1936  serves  as  a  precedent  for 
today’s  ARRA-funded  broadband  projects.  By  1936,  electricity 
was  ubiquitous  in  urban  centers  but  uncommon  in  rural  areas. 
Technologies  for  power  distribution  made  it  difficult  and  expen¬ 
sive  to  deliver  service,  and  utility  companies  had  little  reason  to 
invest  in  expanding  their  service  area.  Through  the  REA,  tech¬ 
nologies  were  developed  and  infrastructure  was  constructed 
that  made  power  universally  available,  resulting  in  better  agri¬ 
cultural  efficiency  and  contributing  back  to  the  U.S.  economy  to 
this  day. 

The  landscape  is  similar  today;  projects  such  as  DC-CAN  and 
NTUA  are  examples  where  government  investment  today  will 
result  in  technological  improvement,  infrastructure  construction 
and  long-term  benefit.  ■ 

Ciena  is  the  network  specialist,  collaborating  with  customers 
worldwide  to  unlock  the  strategic  potential  of  their  networks  and 
fundamentally  change  the  way  they  compete. 


►  Moylan,  from  page  18 

at  George  Mason  University  illustrates  just  how  costly  it  could 
be  to  do  things  the  FCC’s  way:  “That  $24  billion  ‘funding  gap’ 
also  deserves  comment.  That’s  the  amount  of  subsidy  the  [2010 
National  Broadband]  plan  estimates  will  be  required  to  make 
4Mbps  broadband  available  to  all  Americans.  If  you  read  the  plan 
carefully,  you  will  also  find  that  a  whopping  $14  billion  of  that  is 
required  to  bring  broadband  to  the  highest-cost  two-tenths  of  one 
percent  of  American  housing  units  —  250,000  homes  (see  page 
138  of  the  National  Broadband  Plan).  That  works  out  to  $56,000 
per  housing  unit!” 

Incredibly,  $56,000  would  be  enough  to  buy  satellite  Internet 
service  for  each  of  those  rural  households  for  the  next  66  years. 

Broadband  stimulus  is  an  incredibly  attractive  concept  to  some, 
but  the  fact  of  the  matter  is  that  broadband  expansion  has  been 
humming  along  without  it  and  several  subsidy  schemes  carry 
with  them  real  risks  for  taxpayers.  For  example,  millions  of  dollars 
from  the  2009  economic  “stimulus”  bill  have  been  devoted  to  so- 
called  “overbuilds,”  where  a  government-owned  network  is  built 
in  an  area  already  served  by  several  private  competitors.  These 
wasteful  ventures  do  very  little,  if  anything,  to  expand  access  and 
serve  primarily  to  squander  taxpayer  dollars  on  creating  a  retail 
business  run  by  inexperienced  bureaucrats. 

Politicians  may  not  get  to  star  in  any  of  their  ribbon-cutting  cer¬ 
emonies,  but  private  wireless,  satellite,  telephone  and  cable  com¬ 
panies  have  succeeded  in  spreading  high-speed  Internet  access 
to  nearly  every  American.  All  this  happened  largely  absent  sub¬ 
stantial  government  involvement  through  planning,  subsidies  or 
predatory  taxes  and  regulations. 

Rather  than  insisting  on  driving  us  down  the  road  to  prosperity 
in  a  taxpayer-funded  vehicle  with  a  poor  driver,  government  offi¬ 
cials  should  instead  focus  on  making  that  road  smooth  and  free  of 
obstacles  for  private  providers.  New  attempts  at  broadband  stimu¬ 
lus  promise  to  make  that  path  more  difficult,  not  less.  II 

The  362,000-member  National  Taxpayers  Union  (ntu.org)  is  a 
nonprofit,  nonpartisan  citizen  group  founded  in  1969  to  work 
for  lower  taxes,  smaller  government,  and  economic  freedom  at 
all  levels. 
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Wired  broadband  instead 

(3)  Stimulus  funds  should  be  used 
to  build  out  wired  broadband  to  rural 
America,  which  right  now  has  no  viable  op¬ 
tions  for  Internet  access.  Satellite  has  high 
latency.  If  wireless  broadband  is  available 
it  has  ridiculously  low  bandwidth  caps.  In¬ 
ternet  broadband  access  is  this  century's 
phone  and  electricity.  ETHAN  SELTZER 

A  worthy  goal 

@  Broadband  stimulus  has  a  worthy 
goal.  But  the  telcos  are  concentrating 
on  high-cost  wireless  build-outs  with 
unrealistic  costs  and  data  caps.  Only 
wired  or  non-telco  wireless  alternatives 


should  be  funded.  The  telcos  get  enough 
money  form  price-gouging  that  this  is 
really  questionable  and  needs  close 
control  and  scrutiny.  Priority  should  be 
given  to  non-telco  alternates.  J  ER  R Y13 

Malinvestment 

©  Any  "stimulus"  funds  are  going  to  be 
available  at  a  different  "cost"  than  the 
funds  available  otherwise.  This  causes  an 
unsustainable  distortion  in  what  is  being 
invested.  Either  more  is  built  than  will  be 
required,  and  that  excess  will  not  be  avail¬ 
able  where  it  would  otherwise  be  used,  or 
the  actual  needs  will  not  be  met  because 
resources  were  expended  elsewhere. 
Which  is  really  just  two  ways  of  looking  at 


the  same  problem.  That's  leaving  out  the 
fact  that  this  money  must  be  taken  from 
people  first,  through  taxation  or  inflation, 
which  they  would  otherwise  have  spent 
on  the  things  they  actually  wanted.  Some 
of  which  might  very  well  have  been  high¬ 
speed  data.  There  is  no  such  thing  as  "free 
money."  We’re  in  this  economic  slump 
because  of  the  incessant  interference 
in  the  money  supply  through  inflation, 
taxation  and  borrowing.  Just  because 
this  "free  money"  is  proposed  to.be  spent 
on  something  you,  and  I.  think  would  be 
"good"  doesn't  make  it  any  less,  an  interfer¬ 
ence,  a  malinvestment,  which  will  at  some 
point  be  liquidated  just  like  flipped  houses 
and  dot-com  boom  "linux"  companies 
without  actual  products.  BOB  ROBERT 
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Virtualization 
is  as  easy  as  1. 


Avaya  Virtual  Enterprise  Network  Architecture  (VENA) 

provides  everything  you  need  to  create  an  enterprise-wide  private  cloud  infrastructure,  built 
on  open  standards.  With  the  touch  of  a  button,  you  can  provision  next-generation  applications, 
easily  giving  your  users  access  to  the  tools  they  need,  anywhere  and  everywhere.  Your  network 
will  be  more  powerful  and  scalable,  with  dramatically  improved  performance  and  reliability. 

To  learn  how  Avaya  can  help  bring  your  business  into  the  collaborative  age,  visit  avaya.com/vena. 


©2012  Avaya  Inc.  All  rights  reserved. 
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IT  Transformation: 

Virtualizing  the  Enterprise 


IT  transformation  is  underway.  Brocade 
CTO  Dave  Stevens  explains  this  impor¬ 
tant  shift  and  what  it  means  to  networks. 

Can  you  describe  the  movement 
toward  virtualizing  the  enterprise? 

There  is  a  major  IT  transformation  un¬ 
derway,  which  is  perhaps  the  biggest  shift 
in  the  IT  space  that  we’ve  seen  since  the 
adoption  of  the  Internet.  It’s  driven  by  a 
number  of  external  trends,  such  as  the 
number  of  devices  that  are  plugged  into 
the  network— by  some  estimates  there  will 
be  more  than  25  billion  devices  out  there 
in  the  next  few  years.  And  at  the  other 
end  of  the  connection,  organizations  are 
continuing  to  build  big  data  centers  as 
the  cost  of  storage  and  processing  capac¬ 
ity  goes  down  and  data  center  networks 
become  more  capable,  higher  performing, 
and  less  costly.  Between  those  two  end 
points  you  have  to  connect  over  the  wide 
area;  and  over  the  years,  those  connec¬ 
tions  are  becoming  less  expensive  and 
massively  more  capable.  So  now  you  have 
an  environment  where  enterprises  are 
taking  advantage  of  new  infrastructures 
and  leveraging  the  technology  and  appli¬ 
cations  needed  to  support  an  organization 
that  is  distributed  over  wide  distances. 
Customers  are  going  to  use  a  combination 
of  internal  and  external  applications— the 
latter  coming  from  cloud  services,  and 
they’re  combining  those  internal  and  ex¬ 
ternal  resources  into  a  modern  IT  catalog 
that  can  support  all  users. 

What  are  the  characteristics  of  the  virtual 
enterprise  network? 

The  network  needs  to  be  able  to  run 
over  distances,  be  more  dynamic,  and  it 
must  emphasize  non-stop  operations.  If 
you  have  your  entire  organization  based 
on  applications  that  are  running  across 
the  network  infrastructure,  there  really 
isn't  a  good  time  to  bring  the  network 


down  for  maintenance.  Also,  applica¬ 
tions  must  be  optimized  to  run  on  the 
network  infrastructure.  For  example,  with 
virtualization,  the  internal  and  external 
network  must  be  optimized  to  support 
the  movement  of  virtual  machines  inside 
and  between  data  centers.  These  changes 
have  to  be  made  incrementally,  so  that 
customers  don’t  have  to  throw  out  net¬ 
work  investments  they've  made  in  the  last 
20  years.  We  need  to  use  new  technology 
and  processes,  but  also  leverage  assets  that 
exist  today. 

How  are  networks  changing  to  support 
these  new  requirements? 

Inside  the  data  center  there’s  a  big  transi¬ 
tion  going  on  with  the  adoption  of  modu¬ 
lar  applications,  like  virtualization,  where 
the  hierarchical  structure  of  the  tradition¬ 
al  data  center  doesn’t  operate  very  well.  So 
there’s  a  movement  in  the  industry  toward 
faster,  flatter  networks  inside  the  data  • 
center,  such  as  Ethernet  fabrics.  In  the 
broader  carrier  networks,  infrastructure  is 
being  built  to  support  the  high  growth  in 
traffic  patterns,  so  the  network  has  to  have 
much  higher  performance  and  lower  cost 
to  fit  this  new  model.  And  at  the  enter¬ 
prise  network  level,  these  networks  must 
be  designed  to  be  very  resilient,  automat¬ 
ed,  and  cheaper  to  operate. 

What  business  benefits  can  companies 
expect  to  gain  from  virtualizing  the 
enterprise? 

There  are  many:  greater  productivity, 
faster  time  to  market,  faster  implementa¬ 
tion  of  new  applications,  lower  costs,  and 
the  ability  to  create  a  strategic  advantage 
over  the  competition  by  using  an  array 
of  information  that  can  only  be  gained 
by  amalgamating  information  from  both 
local  and  remote  resources.  The  network 
is  really  the  glue  that  ties  all  these  services 
and  computing  infrastructures  together.  ■ 


Brocade  delivers  cloud-optimized  networks  for  today  and  tomorrow. 

Virtualization  and  on-demand  services  have  changed  both  the  way  business  works  and  the  way  your  network  needs  to  respond. 
Brocade  is  leading  this  transformation  with  cloud-optimized  networks  that  dramatically  simplify  infrastructure,  increase  efficiency, 
and  provide  scalability  so  you  can  deliver  applications,  services,  virtualized  desktops,  and  soon  even  entire  data  centers  anywhere 
on  your  network.  The  future  is  built  in.  Learn  why  90  percent  of  the  Global  1000  and  two-thirds  of  the  world’s  Internet  exchanges 
relyonBrocadeatbrocade.com/everywhere  '  • 
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One  of  the  premier  technology  shows  of 
the  year  once  again  hits  Las  Vegas  from  May  6-10 
and  many  of  the  themes  IT  leaders  grapple  with 
on  a  daily  basis  will  be  the  hot  topics  at  this  year’s 
forums  and  panel  discussions.  The  show  focuses 
on  nine  subject  areas  this  year  including:  cloud 
computing,  networking,  wireless  and  mobility, 
virtualization,  data  center,  storage,  collaboration, 
information  security  and  risk  management,  and 
IT  management.  Mobility  is  a  dominant  discus¬ 
sion  point  at  this  year’s  show,  though,  with  14 
sessions  on  the  topic. 

Organizers  of  the  show  are  expecting  similar 
numbers  this  year  to  last  year’s  13,000  attendees 
and  350  exhibitors,  says  Interop  General  Manager 


SUNDAY,  MAY  6  and  MONDAY,  MAY  7 

8:30  A.M.  TO  4:30  PM..  SUNDAY  AND  MONDAY 

Enterprise  Cloud  Summit 

Public  cloud,  private  cloud,  hybrid  cloud,  infrastructure 
as  a  service  and  platform  as  a  service  are  all  strategies 
for  executing  a  cloud  deployment.  But  which  is  right 
^  for  your  enterprise"?  As  part  of  this  two-day  summit.  IT 

■L-  leaders  will  learn  about  new  strategies  for  implementing 

alistair  croll  and  managing  different  types  of  clouds.  The  first  day  will 
focus  on  cloud  platforms,  specifically  laaS  and  PaaS, 
while  day  two  will  be  spent  discussing  private  clouds  and  big  data,  including 
exploring  tools  such  as  Hadoop,  Cassandra  and  Mongo. 
enterprise  cloud  summit  chairman  >  alistair  croll,  founder  and  prin¬ 
cipal  analyst,  Bitcurrent  private  clouds  instructor  >  barb  goldworm, 
president  and  chief  analyst.  FOCUS  big  data  instructor  >  jeremy  edberg, 
lead  cloud  reliability  engineer,  Netflix. 


Jennifer  Jessup.  Jessup,  who  is  managing  the 


8:30  A.M.  TO  4:30  P.M..  SUNDAY  AND  MONDAY 


show  for  the  first  time,  says  her  goal  is  to  con¬ 
nect  attendees  with  some  of  the  leading  thinkers 
in  technology  today  and  provide  a  forum  for  IT 
professionals  to  engage  with  others  about  ongoing 
issues  in  the  tech  world. 

There’s  a  lot  going  on  at  Interop  this  year,  so  if 
you  need  any  help  deciding  what  to  do  among  the 
dozens  of  speeches,  conferences,  panel  discus¬ 
sions  and  keynotes,  you’ve  come  to  the  right 
place.  Network  World's  guide  to  Interop  will  let 
you  know  the  picks  of  the  day,  and  other  recom¬ 
mended  sessions  to  attend. 

SEE  YOU  THERE! 


Principles  of  Effective  IT  Management 

Effective  IT  management  means  taking  an  IT  idea  for  managing  or  fixing  a 
problem  and  seeing  it  through  to  execution.  In  this  two-day  collaborative 
session,  IT  directors  and  managers  will  learn  how  to  improve  efficiency  in 
the  IT  department,  identify  policy  areas  to  focus  on,  and  learn  how  to  man¬ 
age  relationships  with  employees,  managers  and  end  users. 

PRINCIPLES  OF  EFFECTIVE  it  MANAGEMENT  INSTRUCTOR  >  THOMAS  RANDALL, 

operations  vice  president,  BT  Americas. 


TUESDAY,  MAY  8 

O  PICK  OF  THE  DAY 

8  A.M.  TUESDAY  MORNING  KEYNOTES  FEATURING: 

Padmasree  Warrior 

The  general  sessions  of  Interop  kick  off 
Tuesday  morning  with  a  power-packed  trio  of 
keynote  speakers,  headlined  by  Padmasree 
Warrior,  CTO  of  Cisco,  who  will  discuss  how 
IT  executives  are  dealing  with  three  major 
macro  industry  trends  —  mobility,  cloud  and 
video  —  along  with  the  top  three  business 
mega  trends  —  business  volatility,  personaliza¬ 
tion,  global  transformation.  Also  on  Tuesday 
morning,  high-ranking  officials  from  Zynga  and 
Avaya  will  share  their  thoughts  on  the  state  of 
the  technology  industry. 

KEYNOTE  SPEAKERS  >  PADMASREE  WARRIOR,  CTO 
of  Cisco;  allan  leinwand,  CTO  for  infrastruc¬ 
ture,  Zynga;  marc  randall,  senior  vice  president 
and  general  manager  of  networking,  Avaya. 
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MovinCool 

SAVESAnother 

OVERHEATING 

Data  Room 


Matt  Steding,  Allina  Medical  Clinic’s  Maintenance 
Manager,  kept  his  data  room  cool  in  extreme 
weather  with  the  MovinCool  ceiling-mount  CM25. 


“The  CM25  has  all  the 
features  we  need  —  plus 
an  affordable  price.” 


To  read  more  about  Matt’s  application 
story,  visit:  MovinCool.com/Allina 


Scan  to  see  the  top  50  reasons 
why  MovinCool  products  are  the 
highest  quality  in  the  industry. 
MovinCool.com/50Reasons 


When  a  “mission  critical”  data  room  became  a  “hot  spot”  after 
several  upgrades,  Matt  Steding  kept  his  cool.  “The  extreme 
weather  puts  an  extra  load  on  external  compressors  and 
condensers  —  which  increases  maintenance  costs.”  Which  is  why 
he  chose  the  more  innovative,  cost-effective  solution:  MovinCool’s 
self-contained,  ceiling-mounted  CM25  air  conditioner. 


In  addition  to  MovinCool’s  reputation  for  performance  and 
reliability,  Steding  was  impressed  by  the  CM25’s  high  sensible 
cooling  capacity  of  18,900  Btu/h,  its  seasonal  energy  efficiency 
ratio  (SEER)  of  14  and  its  compact  dimensions.  Sitting  just  20 
inches  high,  it  easily  fit  into  the  ceiling  space  above  the  data  room. 
“The  CM25  has  all  the  features  we  need  —  plus  an  affordable 
price.”  From  mission  critical  computer  room  cooling  applications 
to  manufacturing  process  and  people,  MovinCool  is  the  solution. 


Check  out  our  complete  line 
of  Ceiling-Mount  solutions. 


MCVINCOOL 

THE  #1  SPOT  COOLING  SOLUTION 


800-264-9573  I  MovinCool.com 
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10:15  A.M. 

Data  Centers: 

The  Next  12-18  Months 

With  all  the  talk  of  virtualization,  cloud 
computing.  BYOD  and  security,  enter¬ 
prise  executives  still  have  to  worry  about 
their  core  infrastructure.  Learn  from  a 
panel  of  experts  about  how  the  data 
center  can  and  will  change  in  the  next 
year  and  a  half. 

panelists  >  mike  fratto,  editor,  Network 
Computing ;  dave  peters,  manager  of 
system  Integration  at  Environmental 
Systems  Research  Institute;  kurtmarko, 
IT  journalist,  Network  Computing, 
john  burke,  principal  research  analyst, 
Nemertes  Research. 

11:30  A.M. 

Securing  Social  Media 
in  the  Enterprise 

What  social  media  policy  is  appropri¬ 
ate  for  your  business?  Should  access 
to  social  media  be  restricted?  How  can 
an  enterprise  be  protected  from  threats 
posed  by  social  media,  such  as  malware 
or  social  media  attacks?  These  ques¬ 
tions  and  more  are  the  topics  of  this 
discussion. 


speaker  >  Nicholas  arvanitis,  security 
consulting  services,  Dimension  Data. 

12:15  P.M. 

Open  Source  & 
the  Enterprise  — 

Presented  by  Rackspace 

There's  been  a  lot  of  talk  about  open 
source  vs.  proprietary  offerings  recently, 
especially  in  the  cloud  space.  How  do 
enterprises  know  which  way  to  go?  In 
this  panel  discussion,  hear  from  some 
of  the  leading  backers  of  the  OpenStack 
cloud  movement. 

speaker  >  soo  choi,  director  of  opera¬ 
tions,  Rackspace  Cloud  Builders. 

1P.M. 

Afternoon  keynotes 

Hear  from  top  officials  at  Google  and 
Dell  about  technology  trends  impacting 
enterprises  today. 

KEYNOTE  SPEAKERS  >  DARIO  ZAMARIAN, 

vice  president  and  general  manager  of 
networking,  Dell;  Jonathan  rochelle, 

vice  president,  Google  Enterprise;  bill 
chang,  executive  vice  president  of  busi¬ 
ness  group,  Singapore  Telecommunica¬ 
tions  Limited. 


2:30  PM. 

Modern  Two-Factor 
Authentication: 

Defending  Against  Today’s 
User-Targeted  Attacks 

The  bad  guys  are  constantly  coming  up 
with  new  ways  to  penetrate  IT  infrastruc¬ 
tures,  so  how  are  enterprises  supposed 
to  keep  up  to  date  with  the  latest  in 
security  features?  One  answer  could  be 
two-factor  authentication,  but  even  that 
comes  with  its  costs  and  concerns.  This 
panel  will  discuss  the  evolution  of  two- 
factor  authentication  and  provide  insight 
on  the  latest  security  measures  today. 
speaker  >  dug  song,  CEO,  Duo  Security. 

3:45  PM. 

Completing  the  Mobile  Vision: 
Mobile  Unified  Communications 

Mobile  is  the  wave  of  the  future,  but  cre¬ 
ating  a  unified  communications  platform 
is  easier  said  than  done.  In  this  session, 
learn  how  unifying  landlines,  cellular, 

Wi-Fi  and  voicemail  into  a  single  man¬ 
aged  services  can  help  control  costs  and 
create  a  competitive  advantage. 

PANELISTS  >  ZEUS  KERRAVALA,  ZK 
Research;  johnroese,  Huawei 


More  Reliable  Jiasier  lb  Manage 


PThe  industry’s  only  data  center  rack-level 

power  system.  Only  from  Server  Tech. 

ie  world’s  most  reliable  power  distribution  units.  You  also 
3r  power  monitoring,  management  and  analytics,  for  multiple 
you  want  to  auto  discover,  group  configure  and  manage  your 
vork  from  a  user  friendly  dashboard.  You  need  Server  Tech’s 

lystem. 

.  We’ve  combined  our  Sentry  PDUs  with  our  award-winning 
Manager  to  give  you  one  incredible  critical  system.  Featuring  our 
’  technology  with  “Plug  &  Play”  functionality,  you  can  configure 
lusands  of  PDUs  with  a  mouse  click.  You  get  an  entire  system 
e  energy  efficiency,  uptime  and  ROI. 
jntry  Power  System™. 

erver  Tech.  Learn  more  today  at  www.servertech.com 

W  Server  Technology 

Quality  Rack  Power  Solutions 
www.servertech.com 

...  .,  ...  n  ii_  ««r4  1-800-835-1515 

Visit  us  at  Interop,  Booth  2351 


26  APRIL  23, 2012  www.networkworld.com 


©2012,  Server  Technology.  Inc. 


iiii  ii  1 111 1 1  mini  iiiii  ii  111  ii  111  ii  iiiiiimiiiim  111  nun  iiiii  min  min  nun  111  iii  111  mi  iimi  in  iii  111 1  ii  mi  ii  i  mi  111  iii  111  ii  i  ill  mum  i 


Technologies;  david  ginsburg  Extreme 
Networks;  michael  smith,  Cisco. 

8  P.M. 

After  Hours  Tweet-Up 

Still  haven't  had  enough  after  the  first  full 
day  of  general  conferences?  Monitor  Twit¬ 
ter  throughout  the  day  for  the  #lnterop 
hashtag,  which  will  announce  where  the 
after  Hours  Tweet-Up  will  be  taking  place. 

WEDNESDAY,  MAY  9 

8:30  A.M. 

Wednesday 
morning  keynote 

Join  a  jam-packed 
90-minute  morning 
keynote,  which  will 
include  insights  from 
VMware  CTO  and 
Senior  Vice  President 
of  R&D  Steve  Herrod.  as  well  as  a  panel 
discussion  featuring  some  of  the  top 
cloud  vendors,  including  Rackspace  and 
Terremark.  Plus,  hear  a  case  study  by 
DreamWorks  Animation  of  how  the  firm 
has  leveraged  the  HP  cloud. 


KEYNOTE  SPEAKERS  >  STEVE  HERROD, 

CTO  and  senior  vice  president  of  R&D, 
VMware;  derek  chan,  head  of  global 
technology  operations,  DreamWorks 
Animation;  bethany  mayer,  senior  vice 
president  and  general  manager  of 
HP  Networking  keynote  panelists  > 
alistair  croll,  founder,  Bitcurrent;  ste- 
ven  shalita,  vice  president  of  marketing, 
NetScout  Systems;  john  engates,  CTO 
of  Rackspace;  ellen  rubin,  vice  presi¬ 
dent  of  cloud  products,  Terremark. 

10:15  A.M. 

Enabling  Endpoints 
for  Collaboration: 

Hardphones,  Softphones, 
Mobiles 

Who  should  get  what  device?  What 
should  your  BYOD  strategy  be,  and  how 
will  you  support  it?  Enterprises  will  fea¬ 
ture  a  mix  of  communications  devices 
into  the  future,  and  this  session  will  offer 
insights  on  how  to  manage  it  all. 

PANELISTS  >  ROBIN  GAREISS,  executive 

vice  president  and  founder,  Nemertes 
Research;  pejman  roshan,  vice  president 
of  mobility,  ShoreTel;  jack  jachner,  vice 
president  of  business  development  for 
OpenTouch,  Alcatel-Lucent. 


11:30  A.M. 

The  Future  of  the  ‘Desktop’  or 
the  ‘Desktop’  of  the  Future 

With  the  proliferation  of  mobile  comput¬ 
ing,  users  want  access  to  their  desktops 
even  when  they're  not  at  their  desk.  This 
panel  will  discuss  what  the  future  holds 
for  the  desktop  and  how  technologies 
such  as  thin  or  zero  clients,  hypervisors, 
virtual  desktops  and  cloud  services  can 
be  implemented,  plus  what  infrastructure 
is  needed  to  support  them. 
panelists  >  barb  goldworm,  presi¬ 
dent  and  chief  analyst,  FOCUS;  glenn 
wilson,  product  management,  Google; 
john  burke,  principal  research  analyst, 
Nemertes  Research;  phil  Montgomery, 
senior  director  of  desktop  product  man¬ 
agement,  VMware. 

2  PM. 

Do  you  know  your  enemy? 
Incorporating  Security  Intel¬ 
ligence  and  Adversary  Centric 
Analysis  into  Information  Risk 
Management 

One  important  aspect  of  developing 
a  security  strategy  is  knowing  who  is 
attacking  you  and  what  they're  capable 


Sniff  out  the  root-cause 
of  network  bottlenecks. 
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of.  This  session  will  run  through  the  skill 
sets  of  various  attacking  methods  and 
tools  to  help  prevent  them. 

speaker  >  josh  corman,  director  of  threat 
intelligence,  Akamai. 

O  PICK  OF  THE  DAY 

2  P.M. 

OpenFlow  and  Software 
Defined  Networks:  What  are 
they  and  why  do  you  care? 

OpenFlow  and  SDNs  are  a  new 
approach  to  network  design,  but  are 
they  right  for  your  enterprise?  Learn 
about  what  OpenFlow  and  SDNs  are  and 
what  problems  they  solve. 
panelists  >  jim  metzler,  vice  president, 
Ashton  Metzler  &  Associates;  rakesh 
saha,  director  of  product  manage¬ 
ment,  IBM;  matthew  davy,  chief  network 
architect,  InCNTRE;  isabelle  guis,  vice 
president  of  marketing,  Big  Switch 
Networks. 

3:15  PM. 

Big  Data?  No.  Big  Decisions 
Are  What  You  Want 

Big  data  is  one  thing;  getting  actionable 
information  from  that  data  is  another. 


This  session  will  run  through  what  big 
data  is,  how  it  should  be  archived  for 
retrieval  and  how  it  can  be  used  to  drive 
important  decisions. 

speaker  >  stuart  miniman,  senior  analyst, 
Wikibon. 


THURSDAY,  MAY  10 

9  A.M. 

Integrating  Social  Software  into 
Contact  Centers  and  Elsewhere 
in  Enterprise  Communities 

Social  media  networks  such  as  Face- 
book  and  Twitter  can  create  valuable 
direct  connections  between  customers 
and  the  contact  center.  In  this  session, 
a  panel  of  experts  will  discuss  how  this 
can  be  done  effectively  and  be  inte¬ 
grated  into  current  operations. 

PANELISTS  >  SHEILA  MCGEE-SMITH,  presi¬ 
dent.  McGee-Smith  Analytics;  michael 
smith,  director  of  market  management 
collaboration  applications,  Cisco;  laura 
bassett,  director  of  marketing,  emerg¬ 
ing  products  and  technology,  Avaya; 
lisa  abbott,  senior  product  marketing 
manager  for  social  media  and  e-services, 
Genesys. 


10:15  A.M. 

Security  Automation: 
Connecting  Your  Silos 

Security  strategies  for  some  enterprises 
in  the  past  have  involved  multiple  unique 
technologies  protecting  various  aspects 
of  the  network.  But,  standards-based  sig¬ 
naling  can  instead  create  an  automated, 
intelligent  network  security  infrastructure 
that  incorporates  components  of  previ¬ 
ous  systems.  Learn  how  it  works  in  this 
session. 

speaker  >  lisa  lorenzin,  principal  solu¬ 
tion  architect,  security  and  mobility. 
Juniper  Networks. 

11:30  A.M. 

Do  Mobile  Operating 
Systems  Still  Matter? 

This  session  will  examine  the  real  dif¬ 
ferences  between  the  various  mobile 
operating  systems  and  what  impact  they 
have  on  enterprise  IT. 

PANELISTS  >  MICHAEL  BRANDENBURG, 

industry  analyst.  Frost  &  Sullivan;  Andrew 
braunberg,  research  director,  Cur¬ 
rent  Analysis;  Christian  kane,  analyst, 
Forrester  Research;  adam  blum,  CEO, 
Rhomobile. 
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Sensaphone  Remote  Monitoring  Products 

use  redundant  communication  paths,  built  in  battery 
backup,  and  supervised  sensors  to  make  sure  that  when 
something  goes  wrong  in  your  computer  room 
you  get  the  message. 


Notification  Via: 

•  Voice  Phone  Call  •  E-Mail 

•  Text  Message  •  SNMP  Trap 

•  Pager  •  Fax 

Get  your  FREE  application  guide  now 


SENSAPHONE  877-373-2700 

REMOTE  MONITORING  SOLUTIONS  www.sensaphone.com 


SENSAPHONE 


MADE  IN  THE 
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Enter  to  win  a  Kindle  Fire  by  attending 
the  below  FREE  educational  session 

Strategies  for  Managing  Distributed  IT 
Environments" 

Date:  Tuesday,  May  8 
Time:  12:15  p.m.  - 1:00  p.m. 

Room:  Mandalay  Bay  J 
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NetShelter  CX  enclosure 
solution  includes  everything  you 
need  to  house  a  highly  reliable 
IT  deployment  regardless  of  k-TIJi 
space  limitations. 


Expand  your  IT  capabilities, 
not  your  real  estate 
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APC  by  Schneider  Electric  helps  you  deploy 
your  IT  whenever  and  wherever  you  need  it 

Is  your  lack  of  IT  space  a  barrier  to  adopting  new  technologies? 

Consolidation,  virtualization,  network  convergence,  blade  servers  —  these  new  technologies 
improve  efficiency,  cut  costs,  and  allow  you  to  “do  more  with  less.”  But  they  also  bring  power, 
cooling,  and  management  challenges,  especially  when  you’re  tasked  with  deploying  your  IT 
without  dedicated  space.  You’re  relying  on  guesswork,  depending  on  building  air  conditioning, 
or  improvising  remedies.  So,  how  can  you  increase  the  level  of  reliability  and  control  of  your 
server  deployment  without  spending  a  fortune? 

The  availability  you  need  —  without  the  IT  room 

APC™  by  Schneider  Electric™  understands  the  challenges  of  delicately  matching  IT  needs 
with  logistical  realities.  Fortunately,  we  have  adaptable  and  flexible  solutions  that  provide 
everything  for  your  IT  deployment:  reliable  and  efficient  power,  cooling,  monitoring,  and 
management.  Whatever  your  logistical  or  space  constraints,  we  have  a  total  solution  to  meet 
your  specific  needs.  All  components  have  been  pre-engineered  to  work  together  and  integrate 
seamlessly  with  your  existing  equipment. 

Future-proof  your  IT  deployment 

There’s  no  need  for  confusing  cooling  configurations  or  expensive  mechanical  re-engineering, 
so  our  modular,  “pay-as-you-grow"  designs  let  you  be  1 00  percent  confident  that  your  IT 
capabilities  can  keep  pace  with  ever-changing  demands.  Self-contained  cooling,  high-density 
enclosures,  rack-level  power  distribution  and  monitoring  sensors,  and  integrated  management 
software  provide  complete  remote  control  and  unprecedented  visibility  into  your  entire  IT 
system.  Simply  add  power  protection  (such  as  undisputed,  best-in-class  Smart-UPS™  or 
Symmetra™  units),  and  you  have  a  total  solution  for  today,  tomorrow,  and  beyond. 

Learn  how  to  reduce  cooling  expenses  with  our 
FREE  cooling  efficiency  kit  and  enter  to 
win  1  of  5  Smart-UPS  units  (SMX1000)! 

Visit  www.apc.com/promo  Key  Code  n547v  •  Call  888-289-APCC  x6388 


Infra^truxure 

O  Enclosures  Vendor-neutral 
NetShelter™  SX  rack  design 
handles  high-density  airflow 
and  power  needs. 

@  Power  Ultra-reliable  Smart- 
UPS  and  Symmetra  UPS  units 
offer  scalable  runtime,  and 
PDUs  are  rack-mounted. 


^  Environmental  monitoring  and  management 

PoE-enabled  temperature  sensors  let  you  keep  an  eye 
on  conditions  at  the  rack  level,  and  centralized  software 
gives  you  real-time  insight  into  the  entire  system. 


The  NetShelter  CX  Office 
enclosure  is  available  in  three 
sizes:  18U,  24U  and  38U. 


Expand  your  IT  capabilities  without  building  out 

The  unique,  soundproof,  self-contained  NetShelter  CX 
enclosure  solution  includes  everything  you  need  to  house  a 
highly  reliable  IT  deployment  regardless  of  space  limitations. 


by  Schneider  Electric 


©2012  Schneider  Electric.  All  Rights  Reserved.  Schneider  Electric,  APC.  Symmetra.  Smart-UPS,  NetShelter,  and  InfraStruxure  are  trademarks  owned  by  Schneider  Electric  Industries  SAS  or 
its  affiliated  companies.  All  other  trademarks  are  the  property  of  their  respective  owners,  email:  esupport@apc.com  •  132  Fairgrounds  Road.  West  Kingston,  Rl  02892  USA  •  998-4723JJS 


CLEAR  CHOICE  TEST:  NEXT-GENERATION  FIREWALLS  (PART  1) 


Fast-forwarding  firewall  faceoff 


SonicWall  comes  out  on  top  in  performance  tests,  but  tra 


BY  DAVID  NEWMAN 


ext-generation  firewalls  claim  to 
identify  application-layer  attacks 
and  enforce  application-specific 
policies  while  delivering  top-notch 
performance,  even  with  advanced 
security  features  turned  on. 

In  the  first  installment  of  this  two-part 
Clear  Choice  test,  we  tackle  the  performance 
issue,  evaluating  NGFWs  from  Barracuda, 
Check  Point,  Fortinet,  and  SonicWall  (recently 
acquired  by  Dell).  On  May  7,  we’ll  present  Joel 
Snyder’s  analysis  of  the  features  and  functional¬ 
ity  of  these  same  devices. 

Our  overall  conclusion  is  that  next-gen  fire¬ 
walls  are  getting  faster,  and  the 
speed  and  security  is  definitely  getting 
but  it’s  still  there. 

While  all  devices  moved  traffic  at 
rates  while  doing  application  inspection,  forward¬ 
ing  rates  fell  when  we  offered  SSL  traffic,  and 
plummeted  when  we  turned  on  SSL  decryption. 

In  our  tests,  SonicWall’s  SuperMassive,  the 
most  expensive  of  the  four  products,  moved  traf¬ 
fic  the  fastest,  even  when  forwarding  SSL  traffic. 
In  multiple  cases  it  maxed  out  the  capabilities  of 
our  test  bed.  For  example,  when  doing  applica¬ 
tion  inspection  of  cleartext  traffic,  it  moved  traf¬ 
fic  at  or  near  20Gbps.  That’s  even  faster  than 
Palo  Alto’s  PA-5060,  which  hit  17Gbps  in  a  test 
we  conducted  last  year. 

Fortinet’s  FortiGate  3950B 
also  pushed  the  limits  of 
our  test  bed  and  finished 
a  close  second  to  Sonic¬ 
Wall  in  tests  involv¬ 
ing  cleartext  traf¬ 
fic.  It  also  handled 
slightly  more  TCP 
connections  than  the 
SonicWall  device. 


-  ; 


NETRESULTS  liiiiimimitiiiiiiiiimmiiiiiiiif  iiiiiiiiiiiiiimiimmiiiniiiiiiiiiiiiiiiiiiiiiiimimiiimmii 


Product 

NG  Firewall  F900 

Check  Point  12610 

FortiGate  3950B 

SuperMassive  E10800 

Company 

Barracuda  Networks 

Check  Point  Software 

Fortinet 

SonicWall 

Cost 

Base  unit,  $32,999;  8-port 
Gigabit  copper  module, 
$1,649;  2-port  10G  Ethernet 
SFP+  module,  $4,699 

12610  appliance, 

$65,000;  management 
appliance,  $25,000 

Base  unit,  $79,995; 
additional  2-port  10G 
module,  $23,995 

Base  unit,  $198,000;  with 

IPS,  anti-malware  and 
application  control,  $261,400 

Pros 

Application  inspection 
at  up  to  12Gbps 

Highest  SSL  decryption 
rates 

High  transfer  rates  for 

Web  traffic;  highest  TCP 
connection  capacity 

Fastest  performer  overall;  highly 
scalable  as  user  count  grows 

Cons 

High  cost  to  enabling 

IPS  and  UTM;  lower  TCP 
scalability  than  others 

UTM  features  exact  a 
performance  cost 

Significantly  slower 
with  SSL  traffic 

Most  expensive  system  tested 
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There  was  no  performance  slowdown  with 
either  the  SonicWall  or  Fortinet  devices  when 
IPS  and  unified  threat  management  (UTM) 
were  turned  on.  Conversely,  turning  on  IPS 
and  UTM  in  the  Barracuda  and  Check  Point 
systems  carried  a  heavy  performance  cost. 

Check  Point  ran  away  with  our  toughest 
test.  The  Check  Point  12610  proved  by  far  the 
fastest  at  SSL  decryption  across  all  device 
configurations  and  was  the  only  system  to 
break  the  lGbps  barrier  (the  SonicWall  device 
ran  faster,  but  only  when  we  changed  our  test 
configuration  to  offer  more  flows). 

Barracuda,  the  lowest-cost  device  in  our 
test,  delivered  a  solid  12Gbps  when  we  mea¬ 
sured  cleartext  throughput  using  mixed  con¬ 
tent  types. 

Mixed-content  loads 

We  measured  forwarding  rates  for  mixed  and 
static-length  HTTP  and  SSL  content;  rates 
with  SSL  decryption  enabled;  and  TCP  seal- 
ability.  We  put  the  greatest  emphasis  on  the 
mixed  HTTP  tests,  because  they  most  closely 
approximate  the  loads  handled  by  firewalls 
in  enterprise  networks. 

A  key  goal  was  to  compare  results  with 
those  of  the  Palo  Alto  PA-5060,  which  we  eval¬ 
uated  in  2011  using  the  same  methodology. 

The  mixed-content  tests  involved  a  variety 
of  object  sizes,  like  enterprise  traffic,  ranging 
from  1KB  to  1.536MB,  and  a  variety  of  content 


types,  including  .jpeg  images, 

PDF  documents,  binary  files  and 
text  objects. 

We  set  up  the  Spirent  Ava¬ 
lanche  traffic  generator  to  offer 
this  mixed-content  load  to  each 
NGFW  in  three  different  modes: 
as  a  firewall  only;  as  a  firewall 
and  IPS;  and  as  a  UTM  device  with  all  func¬ 
tions  enabled  (firewall,  IPS,  antispyware,  and 
antivirus  [anti-bot  in  Check  Point’s  case]). 
For  all  three  modes,  we  offered  both  cleart¬ 
ext  Web  and  SSL  traffic.  We  also  ran  separate 
tests  involving  decrypted  SSL  traffic,  to  be 
discussed  later. 

These  NGFWs  always  had  application 
inspection  enabled.  The  ability  to  classify 
traffic  and  make  forwarding  decisions  at 
the  application  layer  is  what  distinguishes 
NGFWs  from  previous-generation  firewalls, 
IPSs  and  other  security  devices. 

NGFWs  generally  run  fastest  when  they 
function  as  straight  firewalls  handling  unen¬ 
crypted  traffic  (see  graphic  below).  In  terms 
of  combined  forwarding  rate  (adding  incom¬ 
ing  and  outgoing  traffic  rates),  SonicWall’s 
SuperMassive  was  fastest,  followed  closely 
by  Fortinet’s  FortiGate  3950B.  Both  products 
moved  cleartext  traffic  at  or  near  20Gbps,  the 
highest  rate  possible  in  one  direction  on  our 
test  bed.  (All  systems  had  four  10G  Ether¬ 
net  interfaces,  with  servers  on  one  side  and 


clients  on  the  other.) 

Both  the  SonicWall  and 
Fortinet  devices  came  close  to 
maxing  out  the  test  bed’s  net¬ 
work  capacity  not  only  in  the 
firewall-only  tests  but  also 
when  configured  with  IPS 
and  antivirus/anti-spyware 
features  enabled. 

These  numbers  also  compare  favorably 
with  the  ones  posted  last  year  by  Palo  Alto’s 
PA-5060,  which  topped  out  at  around  17Gbps 
as  a  firewall,  but  fell  to  5.3Gbps  in  IPS  mode 
and  IPS  plus  UTM  modes. 

SSL  rates  were  generally  lower  than  those 
for  cleartext  traffic.  This  isn’t  surprising 
given  that  even  without  decryption,  an  appli¬ 
cation  inspection  engine  may  work  harder  to 
identify  the  seemingly  random  patterns  in  an 
SSL  stream. 

However,  there  were  some  exceptions: 
Check  Point’s  12610  moved  SSL  traffic  faster 
than  straight  HTTP,  and  in  one  case  so  did 
Barracuda’s  NG  Firewall  F900.  The  most 
likely  explanation  is  that  once  the  devices  iden¬ 
tified  traffic  as  SSL,  they  stopped  any  further 
attempts  at  traffic  classification. 

One  configuration  gotcha  surprised  at  least 
two  vendors’  test  engineers:  When  the  Check 
Point  and  Fortinet  systems  had  both  SSL  fire¬ 
wall  rules  and  application  inspection  enabled, 
the  inspection  logic  kicked  in  twice,  causing 
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Mixed-HTTP  Content  Handling 

The  SonicWall  and  Fortinet  devices  maxed  out  the  20Gbps  limit  of  our  test  bed 
with  cleartext  (unencrypted)  Web  traffic,  but  all  devices  moved  SSL  traffic  at  lower 
rates.  And  enabling  IPS  and  UTM  features  caused  further  slowdowns  for  the 
Barracuda  and  Check  Point  devices  when  handling  cleartext  Web  traffic. 


LEGEND 


Barracuda 
Check  Point 
Fortinet 
SonicWall 


FORWARDING  RATE  (Mbps) 
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SSL  rates  to  be  around  half  what  each  vendor 
expected  to  see. 

The  Check  Point  and  Fortinet  results  were 
obtained  without  a  specific  SSL  firewall  rule, 
since  the  application  inspection  feature  can 
identify  SSL  traffic  and  block  or  forward  it 
as  necessary.  If  this  configuration  issue  can 
trip  up  firewall  vendors’  own  engineers,  it’s 
definitely  something  for  enterprise  network 
managers  to  look  out  for. 

Moving  across  the  different  configurations, 
the  Barracuda  firewall’s  forwarding  rates 
dropped  sharply  when  we  enabled  IPS  and 
then  all  UTM  features.  Check  Point’s  12610 
also  moved  cleartext  traffic  more  slowly  with 
antivirus  and  anti-bot  features  enabled;  its 
SSL  performance  was  about  the  same  in  all 
three  configurations,  again  suggesting  the 
device  stopped  inspection  upon  identifying 
a  flow  as  SSL. 

Static  object  tests 

Tests  of  static  100KB  and  512KB  objects 
produced  results  similar  to  those  involving 
mixed  content.  Devices  generally  moved 
static  objects  far  faster  over  HTTP  than  SSL 
(see  graphic  below). 

The  Fortinet  and  SonicWall  firewalls  again 
moved  cleartext  HTTP  objects  at  or  near  the 
network  limits  of  our  test.  SonicWall’s  Super- 
Massive  also  came  close  to  maxing  out  the 
SSL  capabilities  of  our  test  bed.  With  no  DUT 
in  place,  the  Avalanche  traffic  generators 


moved  100KB  and  512KB  objects  over  SSL 
at  17.1Gbps  and  14.4Gbps,  respectively.  The 
SuperMassive  moved  SSL  traffic  near  those 
rates,  regardless  of  configuration.  The  per¬ 
formance  degradation  was  more  noticeable 
for  Fortinet’s  FortiGate  3950B. 

Also,  as  in  the  mixed-object  tests,  both 
the  Fortinet  and  SonicWall  devices  moved 
traffic  faster  than  Palo  Alto’s  PA-5060  did 
in  last  year’s  tests.  As  a  straight  firewall,  the 
PA-5060’s  top  speed  was  18.7Gbps  with 
512KB  objects.  That  rate  fell  to  6.1Gbps  in  IPS 
mode  and  6.3Gbps  in  UTM  mode. 

Conversely,  the  Barracuda  and  Check  Point 
firewalls  generally  moved  SSL  traffic  faster 
than  plain  HTTP,  in  one  case  —  for  Check 
Point  —  more  than  three  times  faster.  Once 
again,  both  devices  probably  stopped  inspect¬ 
ing  traffic  after  classifying  it  as  SSL. 

When  IPS  or  UTM  modes  were  turned  on, 
both  the  Barracuda  and  Check  Point  firewalls 
slowed  down,  but  the  Fortinet  and  SonicWall 
devices  moved  traffic  at  roughly  the  same  rate 
regardless  of  device  configuration. 

SSL  decryption 

SSL  traffic  poses  a  dual  problem  for  NGFWs: 
If  traffic  is  encrypted,  applications  cannot  be 
inspected,  but  if  traffic  is  decrypted  there  may 
be  a  very  high  performance  cost.  In  fact,  the 
SSL  decryption  tests  turned  out  to  be  the  big¬ 
gest  differentiator  in  this  comparison,  and  for 
SonicWall  the  most  controversial  issue. 


When  doing  SSL  decryption,  a  firewall 
acts  as  a  proxy,  intercepting  client  requests 
and  replacing  the  server’s  certificate  with  its 
own.  Since  users  seldom  inspect  the  replaced 
“server”  certificate,  they  think  they’re  dealing 
directly  with  the  origin  server.  The  firewall, 
meanwhile,  decrypts  and  inspects  traffic 
contents. 

Barracuda’s  current  software  works  as  a 
non-transparent  proxy,  requiring  reconfigu¬ 
ration  of  all  client  browsers  for  decryption 
to  work.  Barracuda  says  a  forthcoming  soft¬ 
ware  release  will  support  transparent  proxy- 
ing.  The  other  three  devices  all  functioned  as 
transparent  proxies. 

Also,  the  Barracuda  and  Fortinet  devices 
only  perform  SSL  decryption  when  antivi¬ 
rus  inspection  is  enabled.  The  results  given 
here  reflect  that;  even  though  our  methodol¬ 
ogy  called  for  decryption  in  firewall-only  and 
firewall-plus-UTM  modes,  the  firewall-only 
numbers  for  Barracuda  and  Fortinet  were 
obtained  with  antivirus  inspection  enabled. 

Check  Point’s  12610  proved  by  far  the  fast¬ 
est  at  SSL  decryption  across  all  device  config¬ 
urations.  It  also  was  the  only  system  tested  to 
break  the  lGbps  barrier  (see  graphic ,  page  34). 

Neither  the  Fortinet  nor  SonicWall  devices 
decrypted  SSL  traffic  at  rates  anywhere  close 
to  their  rates  without  SSL  decryption.  Decryp¬ 
tion  rates  for  Fortinet’s  FortiGate  3950B 
ranged  between  191Mbps  and  472Mbps,  far 
slower  than  its  3.6Gbps  to  6.0Gbps  range  of 


Static  HTTP  Content  Handling 


Static  object  tests  also  showed  big  differences  in  performance.  The  SonicWall  and  Fortinet 
devices  again  maxed  out  the  test  bed  in  most  cases,  though  both  went  slower  with  SSL 
traffic  (much  slower  in  Fortinet's  case).  IPS  and  UTM  features  degraded  performance  for 
the  Barracuda  and  Check  Point  devices. 
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CenturyLink's  colocation,  managed  hosting  and  cloud 
services  offer  tailored  solutions  that  promote  innovation. 

If  it's  autonomy  from  IT  headaches  and  hassles  that  you're  pursuing  for  your  company,  then  CenturyLink  is 
the  enterprise  communications  partner  you  need.  We  are  honest  and  fair  and  totally  committed  to  helping 
you  drive  long-term  growth.  Through  our  recent  acquisition  of  Savvis,  we've  further  solidified  our  commitment 
to  providing  tailored  solutions  that  enable  global  innovation  across  your  corporation.  Empowering,  isn't  it? 
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rates  without  decryption. 

Decryption  rates  fell  even  more  precipi¬ 
tously  for  SonicWall’s  SuperMassive,  but 
the  vendor  disputed  our  methodology.  In  our 
tests,  the  SuperMassive  moved  SSL  traffic  at 
11.3Gbps  without  decryption,  even  with  UTM 
features  enabled;  with  decryption,  the  same 
load  moved  at  just  83Mbps,  slower  than  the 
108Mbps  low-water  mark  seen  in  the  previ¬ 
ous  Palo  Alto  PA-5060  test.  The  rates  were 
slower  still,  down  to  49Mbps,  with  static 
100KB  objects,  compared  with  626Mbps  for 
the  PA-5060  in  last  year’s  test. 

SonicWall  says  the  SuperMassive  can 
decrypt  traffic  at  far  higher  rates,  provided 
it’s  pushed  harder.  The  vendor  noted  that  its 
device’s  CPU  utilization  during  these  tests 
was  only  around  2%,  suggesting  it  was  capa¬ 
ble  of  doing  around  50  times  more  work. 

To  put  that  assertion  to  the  test,  we  con¬ 
ducted  one-off  tests  with  50  times  more  flows, 
and  found  that  SuperMassive  decrypted  traffic 
at  rates  of  up  to  4.8Gbps  (see  “Scaling  up  with 
SonicWall’s  SuperMassive”  at  tinyurl.com/ 
c4mem5b).  We  also  tried  the  same  large-flow- 
count  tests  with  the  other  firewalls,  but  none 
could  operate  at  this  level  without  some  failed 
transactions. 

Even  though  the  results  show  a  big  perfor¬ 
mance  hit  for  all  devices  with  SSL  decryption, 
things  actually  could  be  much  worse.  We  used 
the  relatively  weak  RC4-MD5  cipher  in  these 
tests.  While  that’s  the  cipher  in  use  at  many 
e-commerce  sites,  most  banks  and  other  finan¬ 
cial  institutions  use  much  stronger  ciphers. 


such  as  AES256-SHA1,  that  are  far  more  com¬ 
pute-intensive  and  presumably  would  result 
in  still  lower  forwarding  rates. 

TCP  scalability 

The  final  set  of  tests  examined  TCP  scalability 
in  two  ways:  in  terms  of  capacity  (the  maxi¬ 
mum  number  of  concurrent  connections  each 
device  could  sustain  without  time-outs  or 
other  failures)  and  rate  (the  maximum  speed  at 
which  each  device  could  set  up  and  tear  down 
new  connections,  again  with  zero  failures). 

In  the  connection  capacity  tests,  we  con¬ 
figured  Spirent  Avalanche  to  build  up  suc¬ 
cessively  larger  connection  counts  by  having 
each  existing  connection  make  one  new  HTTP 
request  every  60  seconds.  Fortinet’s  FortiGate 
3950B  took  top  honors  here,  handling  more 
than  10  million  connections.  SonicWall’s 
SuperMassive  was  close  behind,  successfully 
fielding  9.9  million  connections.  The  Check 
Point  and  Barracuda  systems  handled  far 
fewer  concurrent  connections,  at  900,000 
and  320,000,  respectively. 

To  measure  connection  setup  rate,  we  con¬ 
figured  Spirent  Avalanche  to  use  the  older 
HTTP  1.0  specification,  which  requires  a  new 
TCP  connection  for  each  new  transaction.  Son- 
icWall’s  SuperMassive  was  the  clear  leader, 
setting  up  290,000  connections  per  second 
(cps).  Check  Point’s  firewall  was  next,  setting 
up  57,039  cps,  while  the  Barracuda  and  Forti- 
net  firewalls  set  up  connections  at  47,043  and 
42,911  cps,  respectively.  The  SuperMassive’s 
highly  parallelized  architecture  (using  96  CPU 


cores)  clearly  favors  a  test  like  this. 

We  concluded  last  year’s  review  of  the 
Palo  Alto  PA-5060  saying  there’s  room  for 
improvement  when  it  comes  to  NGFW  per¬ 
formance.  The  vendors  in  this  review  have 
taken  note:  Forwarding  rates  are  generally 
higher,  as  is  TCP  scalability.  Further,  some 
devices  decrypt  SSL  traffic  far  faster  than  in 
previous  tests.  While  there’s  still  a  security/ 
performance  trade-off  —  a  big  one  —  when 
decrypting  SSL  traffic,  it’s  clear  there  are 
now  more  choices  for  high-speed  application 
inspection  and  control.  ■ 

Newman  is  a  member  of  the  Network  World 
Lab  Alliance  and  president  of  Network  Test, 
an  independent  test  lab  and  engineering 
services  consultancy.  He  can  be  reached  at 
dnewman@networktest.com. 
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SSL  Decryption  Rates 

Enabling  SSL  decryption  caused  the  biggest  performance  hits  and  the 
most  controversy.  The  Check  Point  device  moved  traffic  the  fastest,  and 
SonicWALL's  device  was  generally  slowest  -  but  the  latter  firewall  goes 
much  faster  with  more  flows. 
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CLEAR  CHOICE  TEST:  WAMPSERVER 


Quick  fix  for  PHP  apps  on  Windows 

Open  source  tool  brings  Apache,  MySQL  and  PHP  to  Windows  Web  servers 


BY  SUSAN PERSCHKE 

While  many  popular  website 
applications  (WordPress, 
Drupal,  Joomla,  etc.)  are 
open  source  and  therefore 
freely  available,  running 
these  PHP-based  apps  on  a  Windows  IIS 
Web  server  requires  a  bit  of  retrofitting. 

Although  Microsoft  has  streamlined  the 
process  of  installing  and  configuring  the 
PHP  scripting  language  on  IIS  7.0,  many 
Web  administrators  consider  the  fix,  which 
involves  enabling  FastCGI  extensions,  too 
risky  for  production  environments.  Others 
simply  wish  to  set  up  an  independent  test 
environment  for  evaluating  open  source  apps. 

Moreover,  PHP  extensions  are  not  the  only 
hurdle  for  Windows  webmasters.  A  large 
number  of  PHP-based  open  source  apps  rely 
on  backend  databases  (MySQL,  MariaDB, 
PostgreSQL,  etc.)  that  also  need  special  han¬ 
dling  to  run  on  Windows. 

Enter  WampServer,  an  open  source  prod¬ 
uct  that  installs  a  PHP-apps-ready  platform 
consisting  of  Apache  Web  server,  MySQL 
database  and  PHP,  plus  several  helpful  GUI- 
based  utilities.  WampServer  can  be  installed 
on  virtually  any  version  of  Windows,  either 
desktop  or  server.  With  an  active  user  com¬ 
munity,  industrial-grade  training  programs 
and  a  large  installed  base,  WampServer  is  one 
of  the  world’s  most  popular  Apache-MySQL- 
PHP  distributions. 

We  evaluated  WampServer,  a  product 
of  the  French  company  Alter  Way,  for  its 
Windows-friendly  features  and  its  “out-of- 
the-box”  readiness  for  hosting  PHP  apps.  We 
tested  WampServer  with  Drupal  and  Word- 
Press.  Both  products  were  up  and  running  on 
our  32-  and  64-bit  test  servers  less  than  five 
minutes  after  WampServer  was  installed. 

A  Windows  Web  admin’s  first  instinct  may 
be  to  install  WampServer  on  a  trusty  IIS  Web 
server.  This  is  not  advisable,  especially  for  a 
first-time  installation.  You  may  encounter 
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with  leading  technology  providers. 
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CLEAR 


port  conflicts  or  other  configuration  prob¬ 
lems  that  could  thwart  your  efforts  to  get 
WampServer  up  and  running  smoothly. 

For  the  32-bit  installation,  we  installed 
WampServer  on  a  machine  running  a  fresh 
install  of  Windows  Server  2008  with  Ser¬ 
vice  Pack  2  (patched),  with  no  server  roles 
and  no  Web  services  running.  You  can  also 
test  on  a  virtual  machine.  The  latest  version 
of  WampServer  is  compatible  with  Win¬ 
dows  7  and  Windows  Server  2008.  Previ¬ 
ously  released  versions  can  operate  on  older 
Windows  platforms  going  all  the  way  back  to 
Windows  NT. 

The  WampServer  installation  on  both 
our  32-  and  64-bit  Windows  servers  was 
surprisingly  straightforward  with  just  a 
few  prompts  from  the  Windows  executable 
file  we  downloaded  from  WampServer.com 
(there  are  separate  files  for  32-  and  64-bit 
architectures). 

First,  to  make  it  easier  to  clearly  identify  and 
work  with  the  newly  installed  WampServer 
files,  we  selected  an  empty,  newly  format¬ 
ted  NTFS  extended  partition  and  an  empty 
“wamp”  folder  as  the  destination  for  the  install. 

Next  the  WampServer  installer  prompted 
for  a  choice  of  a  website  browser.  It  defaulted  to 
Internet  Explorer,  and  we  accepted  the  default, 
although  we  also  later  installed  and  tested 
WampServer  with  Google’s  Chrome  browser. 

That’s  all  there  was  to  the  initial  installation. ' 

At  the  conclusion  of  the  installation, 
WampServer  started  up  without  incident, 
as  evidenced  by  a  new  icon  in  the  Windows 
system  tray  that  initially  changes  color  from 
red  to  orange  to  green,  with  green  indicat¬ 
ing  that  the  Apache  Web  server  is  running 
and  listening  for  incoming  HTTP  requests. 
(If  the  icon  stays  orange,  or  red,  this  indi¬ 
cates  that  there  was  a  problem  starting  the 
Apache  Web  service.) 

WampServer  installs  an  unobtrusive  GUI 
services  and  utilities  manager  that  can  be  eas¬ 
ily  accessed  by  single-clicking  the  tray  icon. 

WampServer  listens  on  Port  80  by  default. 
To  confirm  this,  and  to  make  sure  there  were 
no  conflicts,  we  ran  the  utility  “Test  Port  80” 


from  the  utility  Apache  |  Service  menu. 

The  results  were  displayed  in  a  command 
prompt  window. 

Once  we  confirmed  that  WampServer 
was  running  and  listening  on  Port  80,  we 
attempted  to  view  the  homepage  at  http:// 
localhost.  On  our  first  attempt,  we  received  a 
403:  Access  Denied/Forbidden  error.  What 
we  initially  thought  was  a  permissions  error, 
turned  out  to  be  a  minor  DNS  problem.  By 
default  WampServer  listens  on  all  interfaces 
on  Port  80.  Since  our  Windows  2008  server 
was  not  configured  for  the  DNS  role,  we 
needed  to  give  WampServer  a  little  help  to 
determine  where  the  “localhost”  was  pointed. 
We  replaced  “LISTEN  80”  with  “LISTEN 
127.0.0.L80”  in  the  Apache  httpd.conf  file, 
which  is  the  master  configuration  file  used  by 
Apache  Web  server.  After  making  this  minor 
tweak  to  the  httpd.conf  file,  we  were  able  to 
view  the  WampServer  “localhost”  homepage 
in  IE  (for  security  reasons,  remote  Web  access 
is  not  enabled  in  the  initial  installation). 

Although  it  appeared  we  had  successfully 
installed  WampServer,  we  wanted  to  test  its 
suitability  for  hosting  PHP  apps  that  use 
MySQL  as  the  backend  database.  We  chose 
Drupal  and  WordPress  as  the  test  candidates. 
Both  packages  have  installers  that  automate 
most  of  the  installation  process.  However,  both 
apps  also  require  a  MySQL  database  as  a  start¬ 
ing  point.  We  utilized  the  Web  interface  PHP- 
My Admin  to  set  up  the  initial  databases.  PHP- 
My Admin  is  a  Web  utility  for  MySQL  that  can 
be  accessed  from  the  homepage  or  by  navigat¬ 
ing  directly  to  http://localhost/phpmyadmin. 

Important  security  note 

One  thing  to  keep  in  mind:  By  default,  MySQL 
is  installed  with  the  super  admin  account 
“root”  enabled,  but  not  password- protected. 

As  the  default  MySQL  install  is  a  very  vul¬ 
nerable  configuration,  our  first  instinct  was  to 
secure  it  immediately.  However,  we  soon  dis¬ 
covered  that  this  caused  problems  with  our 
subsequent  PHP  product  installs,  especially 
Drupal,  so  we  left  security  “as  is”  for  the  ini¬ 
tial  install  of  our  PHP  apps  (we  locked  it  down 
afterward). 

To  install  Drupal,  we  created  a  new  MySQL 
database  named  “drupal”  and  did  nothing 
further  in  MySQL.  We  then  copied  our  down¬ 
loaded  Drupal  files  into  d:\wamp\www\dru- 
pal,  which  made  Drupal  a  subdirectory  off 
the  WampServer  websites  root  (equivalent 
to  inetpub  in  IIS).  We  then  launched  the  Dru¬ 
pal  installer  in  an  IE  browser  window  (http:// 
localhost/drupal/install.php). 
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CHOICE 


WAMPSERVER 


1.  Quick  and  easy  installation  on  Windows. 

2.  User-friendly,  unobtrusive  GUI  for  managing  WampServer 
services  and  providing  direct  access  to  other  Wamp 
components  (Apache  Server,  MySQL  and  PHP). 

3.  Functional,  preconfigured  Web  interface  (“localhost”  home 
page)  for  launching  apps  and  managing  MySQL  databases. 

4.  Good  online  vendor  support  and  active  forums. 

5.  Large,  active  installed  base  of  users, 

with  available  fee-based  training  courses. 


Five  Thin, 

m  m  III ' 
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1.  The  403  errors  when  trying  to  access  http://localhost  for 
the  first  time  were  annoying,  and  these  happened  on  both  the 
32-bit  and  64-bit  installs.  To  correct  this,  we’d  recommend 
either  shipping  WampServer  with  127.0.0.1  pre-configured 

or  at  least  notify  users  at  the  end  of  the  installation  process 
that  they  may  need  to  make  a  configuration  change  to  the 
httpd.conf  file  in  order  to  view  the  “localhost"  homepage. 

2.  To  make  the  homepage  more  user  friendly,  switch 
the  order  of  items  displayed.  New  users  are  probably 
more  interested  in  navigating  to  PHPMyAdmin  for 
their  newly  installed  projects  than  viewing  for  the 
umpteenth  time  a  long  list  of  installed  modules. 

3.  Add  post-install  screen  to  inform  users  about  the  default 
configuration:  local  server  only  with  no  remote  Web 
access.  Inform  users  if  a  conflict  is  detected  on  Port  80. 

4.  Add  post-install  screen  to  inform  users  that 
WampServer  does  not  auto-configure  as  a  Windows 
service  that  keeps  running  when  the  user  logs  off  or 
starts  up  automatically  if  the  machine  is  rebooted. 

5.  Update  WampServer  to  use  the  latest,  performance- 
enhanced  version  of  Apache  Web  Server  2.4.1. 


The  Drupal  installer  proceeded  through  a 
series  of  Web  pages  designed  to  act  like  a  wiz¬ 
ard.  When  prompted  for  the  database  info  we 
entered  the  database  name  we  created  earlier, 
“drupal,”  and  “root”  for  the  user  account  with 
no  password.  The  Drupal  installer  set  up  the 
database  automatically  from  there,  prompting 
for  a  few  additional  configuration  parameters. 
We  selected  “localhost”  as  the  name  of  our  test 
site.  The  result  was  a  basic,  working  Drupal 
installation  that  was  operational  less  than  two 
minutes  after  launching  the  installer. 

We  decided  to  proceed  to  the  next  install, 
which  was  WordPress.  Once  again,  we  cre¬ 
ated  a  MySQL  database  named  “wordpress” 
and  did  nothing  further  in  MySQL  (no  tables, 
users,  or  permissions).  We  copied  the  Word- 
Press  installation  files  into  d:\wamp\www\ 
wordpress  and  opened  the  installer  in  IE 
(http://localhost/wordpress/).  The  installer 
proceeded  in  a  similar  manner  to  Drupal, 
with  prompts  for  the  MySQL  database  name 
and  various  other  initial  setup  parameters 
such  as  the  WordPress  admin  account.  Again, 
the  install  proceeded  flawlessly  and  we  had 
a  working  WordPress  site  running  in  just  a 
few  moments. 

Although  both  products  were  installed 
and  operational  in  very  little  time,  we  hasten 
to  differentiate  our  (insecure)  bare-bones  test 
environment  from  a  production-ready  envi¬ 
ronment.  Under  no  circumstances  would 
you  want  to  “launch”  these  products  on  a  live 
server  unless  you  first  secure  and  configure 
the  Web  server,  the  MySQL  root  account 
and  each  individual  user  account/database/ 
application. 

Also,  by  default  WampServer  is  accessible 
on  the  local  server  only,  so  you  would  also 
need  to  specifically  configure  it  for  external 
access.  In  a  production  environment  you 
would  need  to  add  or  configure  additional 
IP  addresses  on  the  network  interface,  set  up 
virtual  directories,  and  probably  configure 
WampServer  as  a  service  (this  can  be  done 
from  the  WampServer  GUI  utility  launched 
from  the  tray  icon). 

Most,  if  not  all,  of  the  security  and  configu¬ 
ration  parameters  needed  to  launch  a  pro¬ 
duction-ready  version  of  WampServer  and 
its  hosted  apps  are  found  in  the  documenta¬ 
tion  readily  available  online  from  the  vendor 
for  each  product,  e.g.,  The  Apache  Software 
Foundation  (Apache  Web  Server),  MySQL, 
PHP,  Alter  Way  (WampServer),  Drupal  and 
WordPress. 

Overall  we  were  quite  impressed  by  the 
Windows-friendliness  and  usability  of  the 
WampServer  product.  By  running  PHP  apps 
exclusively  on  WampServer,  we  escaped  the 
task  of  configuring  PHP  extensions  for  IIS.  In 


fact,  IIS  wasn’t  even  installed  on  either  of  our 
Windows  Server  2008  test  machines.  ■ 

Perschke  has  extensive  experience  as  a  Web/ 
database  developer  and  network  security 
manager  in  her  role  as  CSO  for  Arc  Seven 


Technology.  She  is  also  an  experienced 
technical  writer,  and  has  written  numerous 
white  papers  for  a  number  of  different 
organizations,  including  Fortune  500 
companies.  Susan  can  be  reached  at  susan@ 
arcseven.com. 
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The  gov’t  wants  to  know  what  it  doesn’t  know 


“There  are  known  knozvns.  These  are  things  we 
know  that  we  know.  There  are  known  unknowns. 
That  is  to  say,  there  are  things  that  we  know  we 
don't  know.  But  there  are  also  unknown  unknowns.  There  are  things  we  don’t 
know  we  don  7  know.  ”  —  Donald  Rumsfeld 

The  problem  with  the  U.S.  government  not  knowing  what  it  wants  to 
know,  as  well  as  worrying  that  it  doesn’t  know  enough  to  know  what  it 
doesn’t  know,  is  that  said  government  has  the  power  to  try  to  find  out. 
And  when  I  write  “power”  I  mean  resources  and  motivation  that  make 
our  government  effectively  unstoppable. 

In  2005  The  New  York  Times  exposed  the  Bush  administration’s  secret 
authorization  in  2002  that  allowed  the  National  Security  Agency 
(NSA)  to  eavesdrop  on  communications  within  the  U.S.  (prior  to  this, 
the  NSA  was  restricted  to  intercepting  overseas  communications). 

Despite  a  huge  public  outcry  and  legal  action  started  by  the  ACLU 
and  the  EFF,  rather  than  stopping  or  even  slowing  the  warrantless 
wiretapping  program,  the  NSA  has  expanded  and  accelerated  enor¬ 
mously.  If  you  should  doubt  the  seriousness  of  these  intelligence  gath¬ 
ering  projects,  consider  the  NSA’s  new  Utah  Data  Center. 

With  a  $2  billion  budget,  1  million  square  feet  of  data  center,  and  a 
claimed  storage  capacity  of  a  yottabyte,  the  Utah  Data  Center  will  be 
pushing  the  envelope  of  Big  Data. 

In  case  you’re  wondering  what  a  yottabyte  might  be,  a  recent  Wired 
article  about  the  Utah  Data  Center  explained,  “A  yottabyte  is  a  sep- 
tillion  bytes  —  so  large  that  no  one  has  yet  coined  a  term  for  the  next 
higher  magnitude.”  If  a  septillion  doesn’t  help,  consider  that  a  yot¬ 
tabyte  equals  10  followed  by  24  zeros  worth  of  bytes. 


To  give  that  figure  a  bit  more  perspective,  it  has  been  estimated  by 
Cisco  that  by  2015  the  Internet  will  generate  something  around  966 
exabytes  (something  less  than  a  zettabyte,  or  10  to  the  21)  of  data  annu¬ 
ally.  The  Utah  Data  Center  will  be  able  to  store  1,000  times  that  vol¬ 
ume!  And  to  analyze  it  and  crack  encrypted  content  they  have  comput¬ 
ers  that,  it  is  claimed,  are  capable  of  exaflop  (10  to  the  18  floating  point 
operations  per  second)  performance. 

This  power  and  capacity  combined  with  the  ever-expanding  sur¬ 
veillance  network  means  that  pretty  much  everything  you  write, 
everywhere  you  go  online,  every  YouTube  video  you  watch,  every 
Facebook  post  you  make,  every  cellphone  call  you  make  or  receive 
(including  from  where  and  to  whom  and  where  the  recipient  is), 
every  text  you  send  and  receive,  every  public  place  you  walk  through 
...  it  will  all  be  captured,  stored,  analyzed,  categorized  and  filed. 

What  you  should  be  worried  about  is  —  and  I  know  I’ve  said  it  before 
but  it  bears  repeating  —  mission  creep,  the  inevitable  overreach  by  the 
government  when  it  has  control  of  massive  and  highly  detailed  data. 
Just  consider  how  law  enforcement,  with  the  complicity  of  the  cell  ser¬ 
vice  providers,  has  abused  cellphone  tracking. 

I’d  put  money  on  a  future  government  initiative  that  will  require 
access  into  corporate  networks  to  provide  deeper  monitoring  than  can 
be  done  externally.  Hell,  that  might  already  be  underway!  It  might  and 
how  would  you  know  if  it  was?  It  would  be  something  you  don’t  know 
you  don’t  know.  ■ 

Gibbs  doesn't  know  in  Ventura,  Calif.  If  you  do,  let  him  know  at 
backspin@gibbs.com  and  follow  him  on  Twitter  (@quistuipater). 
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How  to  brag  online  without  appearing  to  brag 


LAST  WEEK  I  posted  to  Buzzblog  a  list  of 
the  50  best  “bragging  rights”  claimed  by 
users  of  Google+. 

Who  says  they’re  the  50  best?  Only  me.  And  while  they’re  skewed 
toward  those  in  my  Google+  circles  (a  lot  of  techies  and  media  types) 
and  those  in  theirs  (civilians,  with  a  couple  of  celebs),  I  compiled  this 
list  over  the  course  of  a  few  months  by  looking  at  many  hundreds  of 
Google+  profiles,  which  in  addition  to  containing  standard  biographi¬ 
cal  info  invite  users  to  claim  “bragging  rights.” 

Most  people  pass  —  it’s  not  required  —  and  too  many  take  the  invita¬ 
tion  far  too  seriously.  But  among  those  who  exercise  more  imagination, 
restraint  and  self-deprecation  —  in  other  words,  those  who  get  it  —  you 
will  find  interesting  and  amusing  tidbits.  Here’s  a  sampling  of  the  tech¬ 
ier  ones  (and  the  entire  list  can  be  found  at  http://tinyurl.com/cgodzfo). 

“I  proposed  to  my  wife  using  obfuscated  Perl  code,”  boasts  Colin 
McMillen,  a  software  engineer  who  actually  works  at  Google. 

“I  have  an  amazing  Ubuntu  Tattoo!”  says  Benjamin  Kerensa,  an 
Ubuntu  team  leader. 

“I  understand  all  the  xkcd  jokes,”  notes  Peter  Schmidt,  COO  of  Lin¬ 
ear  Air. 

“Aware  that  passing  in  front  of  the  television  should  be  performed 
swiftly  and  timed  for  the  least  disruption  to  the  game  or  gamers,”  says 
Dana  Geppi  Long,  a  SQL  Sever  DBA. 

“Started  using  Google+  while  I  was  living  in  space,”  brags  Ron  Garan, 
a  NASA  astronaut. 

“I  own  a  LAN-party-optimized  house,”  says  Kenton  Varda,  a  Googler 
whose  house  I’ve  written  about  a  couple  of  times. 


“I  can  do  the  Spock  eyebrow,”  claims  Julio  Ojeda-Zapata,  a  tech  writer 
for  the  St.  Paul  Pioneer  Press. 

“I  shook  Steve  Jobs’  hand,”  says  Robert  Scoble,  startup  liaison  officer 
at  Rackspace. 

“Slashdot.  I  did  that,”  says  Rob  (CmdrTaco)  Malda,  who  now  works 
at  The  Washington  Post. 

“I’ve  been  shot  at  while  writing  code  in  a  120-degree  tent,  I’ve  made 
sensors  out  of  Jell-0,”  says  Matt  McKeon,  a  Google  software  engineer. 

“When  I  was  14 1  wrote  a  single  pass  6502  assembler  in  Atari  BASIC 
(yes,  really).  In  college,  while  my  peers  had  modern  286  PCs  for  their 
assignments,  I  had  a  hand-me-down  Heathkit  8086;  I  rewrote  the  BIOS 
so  it  would  be  PC  compatible  enough  to  run  MS-DOS  3.0,  Wordstar, 
Lotus  123,  and  Borland’s  Turbo  C  IDE.  Everything  since  then  is  a  corpo¬ 
rate  trade  secret,”  recounts  Richard  Masoner,  who  works  at  Oracle/Sun 
and  indicated  to  me  afterward  that  maybe  he  should  have  been  briefer. 

Here’s  one  of  the  best-received  —  at  least  based  on  comments: 

“Found  a  dead  body  when  I  was  12,  saved  the  Enterprise  a  few  times, 
Ran  the  Axis  of  Anarchy,  broke  up  Penny  and  Leonard.  Currently  run¬ 
ning  the  non-lethal  weapons  lab  at  Global  Dynamics,”  recounts  actor 
Wil  Wheaton. 

And,  finally,  there  were  quite  a  few  Google+  users  who  settled  on 
some  variation  of  this  theme  offered  by  computer  programmer  Rob 
Colbert: 

“I  don’t  brag.”  ■ 

Mine  didn't  make  the  cut.  If  you'd  like  to  nominate  one  —  even  your 
own  —  the  address  is  buzz@nww.com. 
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INTRODUCING  BLACKBERRY  MOBILE  FUSION. 

Nowall  personal  and  corporate-owned  BlackBerryf 
iOS  and  Android  devices  can  seamlessly  access 
business  data  and  applications  on  a  single, 
secure  management  platform.  To  find  out  how 
this  new  approach  will  end  mobile  chaos,  visit 
blackberry.com/mobilefusion 
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data  center  expectations  with 
the  power  of  convergence. 


Be  ready  for  what's  next  with  the  world's  most 
intelligent  servers— a  quantum  leap  forward 
for  HP  ProLiant  Gen8  server  blades. 


Get  the  new  Forrester  study 
about  blade  server  impact  on 
management  and  agility  at 

hp.com/servers/bladesNW 

or  scan  the  QR  code  below. 


Focus  on  business-driving  innovations  with  visionary 
technology  that  changes  everything.  New  self-sufficient 
HP  ProLiant  Gen8  server  blades  with  HP  ProActive 
Insight  architecture  break  new  ground  in  productivity 
and  performance,  while  maximizing  every  hour, 
watt,  and  dollar.  These  servers  raise  the  bar  in 
data  center  expectations: 


Deploy  servers  3X  faster*  for  increased 
administrative  productivity 
Slash  downtime  up  to  86%*  with  over  150 
design  innovations*  that  help  you  work 
simply,  reliably,  and  with  confidence 
Reduce  operator  time  on  updates 
by  69%*  with  intuitive,  automated 
management 

Achieve  66%  faster  problem  resolution 
time*  with  HP  Active  Health  System 


*For  details  on  claim  substantiations,  visit 

hp.com/ servers/bladesNW 
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